Inferensys

Glossary

Asymmetric PSI

A variant of private set intersection where only one party learns the intersection result while the other party learns nothing, commonly used in client-server contact discovery applications.
Strategy consultant facilitating AI use case discovery workshop, sticky notes on glass wall, casual corporate meeting.
ONE-SIDED INTERSECTION

What is Asymmetric PSI?

A private set intersection variant where only one party learns the intersection result while the other party learns nothing, commonly used in client-server contact discovery applications.

Asymmetric PSI is a cryptographic protocol variant of Private Set Intersection where the output is revealed exclusively to a single designated party, typically the client. Unlike symmetric PSI where both parties learn the intersection, this construction ensures the server remains oblivious to the result, preventing the server from inferring the client's private input set from the output.

The primary real-world deployment of asymmetric PSI is contact discovery in secure messaging applications. A client queries a server's user database to identify which of their phone contacts are registered users, learning only the intersection while the server learns nothing about the client's address book. This is typically achieved through Oblivious Pseudorandom Functions (OPRFs) or Homomorphic Encryption, ensuring the server cannot enumerate the client's social graph.

ARCHITECTURAL PROPERTIES

Key Features of Asymmetric PSI

Asymmetric Private Set Intersection (PSI) is a cryptographic protocol variant where only one party—typically the client—learns the intersection result, while the other party—the server—learns nothing. This one-sided output is the defining characteristic that distinguishes it from mutual PSI and makes it ideal for client-server applications like contact discovery.

01

One-Sided Output Guarantee

The fundamental property of asymmetric PSI is that only the client receives the intersection result. The server learns absolutely nothing about the client's input set or the resulting intersection. This is cryptographically enforced, not merely a policy choice.

  • Client learns: The elements common to both sets
  • Server learns: Nothing beyond what it already knows (its own set)
  • No leakage: The server cannot distinguish between a client query that yields an intersection and one that yields an empty result

This one-sidedness is what makes the protocol suitable for scenarios where the server's dataset is public or already known to the server, and only the client requires privacy.

Zero
Server Information Gain
02

Client-Server Architecture

Asymmetric PSI is inherently designed for a client-server topology, where the server holds a large, often static dataset and the client queries with a smaller, private set. This architecture reflects real-world applications like messaging contact discovery.

  • Server role: Holds the full dataset (e.g., all registered users) and responds to queries
  • Client role: Initiates the protocol with a private input set (e.g., phone contacts)
  • Communication pattern: Single request-response round trip in optimized protocols
  • Scalability: Server can pre-process its dataset once and serve many clients efficiently

The asymmetry in roles maps directly to the asymmetry in output, creating a natural fit for service-oriented deployments.

1-RTT
Typical Round Complexity
03

Unbalanced Set Sizes

Asymmetric PSI protocols are specifically optimized for highly unbalanced set sizes, where the server's set is orders of magnitude larger than the client's. This is the typical scenario in contact discovery, where a server may hold billions of records while a client queries with hundreds or thousands.

  • Server set size: Can be billions of elements
  • Client set size: Typically hundreds to thousands
  • Optimization: Server computation scales with client set size, not server set size
  • Techniques used: Oblivious Pseudorandom Functions (OPRFs) and hash-based binning

Protocols like the KKRT framework and VOLE-based constructions exploit this asymmetry to keep client computation and communication minimal while allowing the server to handle massive datasets efficiently.

10⁹:10³
Typical Size Ratio
04

Server Pre-Computation

A key performance feature of asymmetric PSI is the ability for the server to perform one-time pre-processing on its dataset. This pre-computed state can be reused across many client queries without regeneration.

  • Pre-processing: Server encrypts or hashes its entire set once
  • Reusability: The same pre-processed data serves all subsequent client queries
  • Amortized cost: The heavy cryptographic work is amortized over many interactions
  • Storage trade-off: Pre-computed structures may require significant server storage

This design pattern is critical for production deployments where the server's dataset changes infrequently but must handle high query volumes with low latency.

Pre-Processing Frequency
05

Malicious Security Models

Modern asymmetric PSI protocols can achieve malicious security, protecting against adversaries that arbitrarily deviate from the protocol specification. This is essential for real-world deployments where the server cannot be trusted to follow the protocol honestly.

  • Semi-honest model: Assumes parties follow the protocol but may try to learn extra information
  • Malicious model: Protects against any deviation, including sending malformed messages
  • Cut-and-choose techniques: Used to verify server behavior without revealing private data
  • Trade-off: Malicious security adds computational overhead but provides stronger guarantees

Protocols like those based on Vector OLE (VOLE) can achieve malicious security with minimal overhead compared to semi-honest variants, making them practical for production use.

~2-3×
Malicious Overhead Factor
ASYMMETRIC PSI

Frequently Asked Questions

Clear, technical answers to the most common questions about asymmetric private set intersection protocols, their security models, and real-world deployment considerations.

Asymmetric private set intersection (PSI) is a cryptographic protocol variant where only one party—typically the client—learns the intersection of two private sets, while the other party—the server—learns nothing at all. This contrasts with symmetric PSI, where both parties learn the intersection result. The asymmetry is fundamental to client-server architectures: a messaging app user wants to discover which of their contacts are on the platform, but the platform should not learn the user's entire address book. Formally, given a client set C and a server set S, the protocol outputs C ∩ S to the client and (nothing) to the server. This one-sided output property makes asymmetric PSI the natural fit for contact discovery, private record linkage where only one party needs the match results, and any scenario where one party's dataset is inherently more sensitive or where business logic dictates unilateral knowledge of the overlap.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.