Asymmetric PSI is a cryptographic protocol variant of Private Set Intersection where the output is revealed exclusively to a single designated party, typically the client. Unlike symmetric PSI where both parties learn the intersection, this construction ensures the server remains oblivious to the result, preventing the server from inferring the client's private input set from the output.
Glossary
Asymmetric PSI

What is Asymmetric PSI?
A private set intersection variant where only one party learns the intersection result while the other party learns nothing, commonly used in client-server contact discovery applications.
The primary real-world deployment of asymmetric PSI is contact discovery in secure messaging applications. A client queries a server's user database to identify which of their phone contacts are registered users, learning only the intersection while the server learns nothing about the client's address book. This is typically achieved through Oblivious Pseudorandom Functions (OPRFs) or Homomorphic Encryption, ensuring the server cannot enumerate the client's social graph.
Key Features of Asymmetric PSI
Asymmetric Private Set Intersection (PSI) is a cryptographic protocol variant where only one party—typically the client—learns the intersection result, while the other party—the server—learns nothing. This one-sided output is the defining characteristic that distinguishes it from mutual PSI and makes it ideal for client-server applications like contact discovery.
One-Sided Output Guarantee
The fundamental property of asymmetric PSI is that only the client receives the intersection result. The server learns absolutely nothing about the client's input set or the resulting intersection. This is cryptographically enforced, not merely a policy choice.
- Client learns: The elements common to both sets
- Server learns: Nothing beyond what it already knows (its own set)
- No leakage: The server cannot distinguish between a client query that yields an intersection and one that yields an empty result
This one-sidedness is what makes the protocol suitable for scenarios where the server's dataset is public or already known to the server, and only the client requires privacy.
Client-Server Architecture
Asymmetric PSI is inherently designed for a client-server topology, where the server holds a large, often static dataset and the client queries with a smaller, private set. This architecture reflects real-world applications like messaging contact discovery.
- Server role: Holds the full dataset (e.g., all registered users) and responds to queries
- Client role: Initiates the protocol with a private input set (e.g., phone contacts)
- Communication pattern: Single request-response round trip in optimized protocols
- Scalability: Server can pre-process its dataset once and serve many clients efficiently
The asymmetry in roles maps directly to the asymmetry in output, creating a natural fit for service-oriented deployments.
Unbalanced Set Sizes
Asymmetric PSI protocols are specifically optimized for highly unbalanced set sizes, where the server's set is orders of magnitude larger than the client's. This is the typical scenario in contact discovery, where a server may hold billions of records while a client queries with hundreds or thousands.
- Server set size: Can be billions of elements
- Client set size: Typically hundreds to thousands
- Optimization: Server computation scales with client set size, not server set size
- Techniques used: Oblivious Pseudorandom Functions (OPRFs) and hash-based binning
Protocols like the KKRT framework and VOLE-based constructions exploit this asymmetry to keep client computation and communication minimal while allowing the server to handle massive datasets efficiently.
Server Pre-Computation
A key performance feature of asymmetric PSI is the ability for the server to perform one-time pre-processing on its dataset. This pre-computed state can be reused across many client queries without regeneration.
- Pre-processing: Server encrypts or hashes its entire set once
- Reusability: The same pre-processed data serves all subsequent client queries
- Amortized cost: The heavy cryptographic work is amortized over many interactions
- Storage trade-off: Pre-computed structures may require significant server storage
This design pattern is critical for production deployments where the server's dataset changes infrequently but must handle high query volumes with low latency.
Malicious Security Models
Modern asymmetric PSI protocols can achieve malicious security, protecting against adversaries that arbitrarily deviate from the protocol specification. This is essential for real-world deployments where the server cannot be trusted to follow the protocol honestly.
- Semi-honest model: Assumes parties follow the protocol but may try to learn extra information
- Malicious model: Protects against any deviation, including sending malformed messages
- Cut-and-choose techniques: Used to verify server behavior without revealing private data
- Trade-off: Malicious security adds computational overhead but provides stronger guarantees
Protocols like those based on Vector OLE (VOLE) can achieve malicious security with minimal overhead compared to semi-honest variants, making them practical for production use.
Frequently Asked Questions
Clear, technical answers to the most common questions about asymmetric private set intersection protocols, their security models, and real-world deployment considerations.
Asymmetric private set intersection (PSI) is a cryptographic protocol variant where only one party—typically the client—learns the intersection of two private sets, while the other party—the server—learns nothing at all. This contrasts with symmetric PSI, where both parties learn the intersection result. The asymmetry is fundamental to client-server architectures: a messaging app user wants to discover which of their contacts are on the platform, but the platform should not learn the user's entire address book. Formally, given a client set C and a server set S, the protocol outputs C ∩ S to the client and ⊥ (nothing) to the server. This one-sided output property makes asymmetric PSI the natural fit for contact discovery, private record linkage where only one party needs the match results, and any scenario where one party's dataset is inherently more sensitive or where business logic dictates unilateral knowledge of the overlap.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Asymmetric PSI relies on a stack of cryptographic building blocks and has several specialized variants. Understanding these related terms is essential for selecting the right protocol for a given deployment scenario.
Semi-Honest Security
The most common security model for efficient asymmetric PSI. Assumes both parties follow the protocol specification correctly but may be curious—they will try to infer additional information from the protocol transcript. This is often acceptable for client-server contact discovery where the server has a business reputation to maintain. Provides significantly better performance than malicious security, which defends against arbitrary deviations.
Labeled PSI
An extension where the server's set elements have associated data labels (e.g., public keys, profile photos). In an asymmetric setting, the client learns not only which of their inputs are in the server's set, but also the labels attached to those matching elements. This is critical for contact discovery: the client needs to retrieve the user ID or encryption key for matched contacts, not just a boolean yes/no.
PSI Cardinality
A privacy-preserving variant that reveals only the size of the intersection, not the elements themselves. In an asymmetric context, a client might learn that 15 of their contacts use a service without discovering which 15. This provides an even stronger privacy guarantee for the server's user base. Useful for anonymous analytics, measuring audience overlap, or triggering actions based on a threshold without exposing identities.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us