Inferensys

Glossary

Delegated PSI

A private set intersection variant where computationally intensive operations are outsourced to a third-party server without the server learning the private inputs or the intersection result.
Operations room with a large monitor wall for system visibility and control.
OUTSOURCED PRIVATE COMPUTATION

What is Delegated PSI?

A cryptographic protocol variant that offloads the heavy computation of private set intersection to an untrusted third-party server without revealing the private input sets or the final intersection result to that server.

Delegated PSI is a private set intersection variant where the computationally intensive operations are outsourced to a third-party server without the server learning the private inputs or the intersection result. This architecture allows two resource-constrained clients to compute the overlap between their datasets by leveraging a powerful but untrusted cloud server, while maintaining cryptographic guarantees that the server remains completely oblivious to both the raw data and the final output.

The protocol typically relies on a combination of homomorphic encryption and oblivious pseudorandom functions to ensure the server can process encrypted data without decryption. Unlike standard two-party PSI, delegated PSI reduces the client-side computational burden to near-constant complexity, making it practical for mobile devices or thin clients performing contact discovery or private record linkage against large remote databases.

ARCHITECTURE

Key Features of Delegated PSI

Delegated Private Set Intersection offloads the heavy cryptographic lifting to a powerful third-party server without compromising the confidentiality of the inputs or the final result.

01

Computational Offloading

The core value proposition is shifting O(n) or O(n log n) cryptographic operations from weak clients to a robust server. Clients perform only lightweight, constant-time operations—typically a single round of encryption or hashing—while the server handles the heavy comparison logic.

  • Client Complexity: O(1) or O(output size)
  • Server Role: Executes the secure comparison protocol on behalf of clients
  • Benefit: Enables PSI on mobile devices, IoT sensors, and browser-based applications
02

Server Unawareness Guarantee

The delegated server learns nothing about the private input sets or the resulting intersection. This is enforced through cryptographic blinding: clients mask their data with secret keys before transmission.

  • Input Privacy: Server sees only randomized or encrypted representations
  • Output Privacy: Intersection result is encrypted so only the authorized client can decrypt it
  • Mechanism: Typically achieved via Oblivious Pseudorandom Functions (OPRF) or Homomorphic Encryption (HE) evaluated by the server on blinded inputs
03

Dual-Client Delegation Model

In the standard two-party setting, both clients delegate computation to a single server. Each client independently blinds their set and sends it to the server, which computes the intersection over the blinded representations and returns the encrypted result.

  • Symmetric Delegation: Both parties benefit equally from offloading
  • Non-Collusion Assumption: Security typically relies on the server not colluding with either client
  • Use Case: Two hospitals delegating patient record matching to a cloud server without revealing their full patient rosters
04

Single-Client Outsourcing Variant

A variant where one party is resource-constrained and delegates to a server, while the other party runs the full protocol. The server acts as a proxy for the weak client.

  • Asymmetric Model: Only one client benefits from delegation
  • Server-Client Interaction: Server and strong party execute a standard PSI protocol on behalf of the weak client
  • Application: A mobile app (weak client) querying a corporate database (strong party) for contact discovery, with a cloud server performing the heavy matching
05

Verifiability of Computation

Advanced delegated PSI protocols incorporate verifiable computation to ensure the server performed the intersection correctly and didn't return a falsified or incomplete result.

  • Proof Generation: Server produces a cryptographic proof of correct execution
  • Client Verification: Client checks the proof in sub-linear time without re-executing the protocol
  • Techniques: Leverages Zero-Knowledge Proofs (ZKPs) or Verifiable Polynomial Delegation to guarantee integrity without sacrificing privacy
06

Multi-Key Homomorphic Encryption Backend

Many delegated PSI constructions use Multi-Key Fully Homomorphic Encryption (MK-FHE) or Threshold HE, where clients encrypt under independent keys and the server evaluates the intersection circuit directly on the combined ciphertexts.

  • Key Independence: Each client uses their own secret key; no shared key setup required
  • Distributed Decryption: The final result can only be decrypted through a collaborative protocol among authorized parties
  • Advantage: Eliminates the need for clients to be online simultaneously during the server's computation phase
DELEGATED PSI

Frequently Asked Questions

Clear answers to common questions about delegated private set intersection, a variant that offloads computation to third-party servers without compromising data privacy.

Delegated PSI is a variant of private set intersection where the computationally intensive operations are outsourced to one or more third-party servers without those servers learning the private inputs or the intersection result. In a standard two-party PSI, both data owners must remain online and perform cryptographic operations proportional to their set sizes. Delegated PSI shifts this burden to a cloud server or service provider. The protocol works by having the data owners encrypt or mask their sets using secret keys, then transmit the protected data to the server. The server performs the heavy matching computation over the encrypted or encoded representations and returns the result to the authorized parties. Crucially, the server remains oblivious to the underlying plaintext values and the final intersection. This is achieved through techniques such as homomorphic encryption, oblivious pseudorandom functions (OPRF) , or garbled circuits combined with secret sharing. For example, in a typical construction, each client applies a one-way function keyed with their own secret to their set elements, sends the hashed values to the server, and the server computes the intersection over the doubly-encrypted domain. Only the clients who hold the corresponding keys can decrypt the result. Delegated PSI is particularly valuable for mobile contact discovery, where a lightweight client delegates matching to a server without revealing their address book, and for collaborative analytics across multiple hospitals that lack the infrastructure to run heavyweight cryptographic protocols directly.

PRACTICAL DEPLOYMENTS

Real-World Applications of Delegated PSI

Delegated PSI shifts the heavy cryptographic lifting to powerful cloud servers without exposing sensitive data. Here are the key scenarios where this architecture unlocks privacy-preserving collaboration at scale.

02

Cross-Institutional Healthcare Analytics

Hospitals and research centers use Delegated PSI to identify overlapping patient cohorts for clinical trials without revealing their full patient rosters. A semi-trusted cloud server performs the heavy cryptographic matching.

  • Input: Encrypted patient identifiers from multiple institutions
  • Computation: Delegated server finds intersections obliviously
  • Output: Only authorized researchers learn the matching cohort size and labels

This enables multi-site studies while maintaining HIPAA compliance and patient privacy.

03

Financial Fraud Consortiums

Banks collaborate to detect fraudulent accounts and money laundering rings by privately intersecting their transaction watchlists. Delegated PSI allows a third-party auditor to run the intersection without accessing raw customer data.

  • Setup: Each bank encrypts its suspicious entity list
  • Delegation: Cloud server computes overlaps across all institutions
  • Outcome: Consortium learns shared fraud indicators without exposing proprietary customer bases

This preserves competitive confidentiality while strengthening collective defense against financial crime.

04

Mobile Device Private Keyword Matching

A resource-constrained smartphone can delegate PSI computation to a cloud server to check if locally typed keywords match a sensitive server-side database, such as a content moderation blocklist or threat intelligence feed.

  • Client: Generates encrypted query from local input
  • Delegated Server: Performs heavy OT-based matching against the database
  • Result: Phone learns only if a match exists, server learns nothing

This offloads battery-draining cryptography while keeping user keystrokes and server blocklists mutually private.

05

Supply Chain Risk Assessment

Manufacturers and suppliers use Delegated PSI to check for sanctioned entities or prohibited materials across their partner networks. A neutral cloud platform runs the intersection without exposing each company's full supplier list.

  • Input: Encrypted supplier identifiers and material codes
  • Computation: Delegated server cross-references against compliance databases
  • Output: Companies learn only about overlapping risks

This enables regulatory compliance across complex multi-tier supply chains without revealing competitive sourcing strategies.

06

Advertising Conversion Measurement

Advertisers and publishers use Delegated PSI to measure campaign conversion rates by intersecting user impression logs with purchase records, all processed by a neutral measurement service.

  • Ad Platform: Uploads encrypted impression data
  • Advertiser: Uploads encrypted conversion data
  • Delegated Server: Computes intersection cardinality and aggregate metrics

This delivers accurate attribution analytics without exposing individual user behavior to either party, aligning with privacy-preserving ad tech standards.

PROTOCOL COMPARISON

Delegated PSI vs. Standard PSI vs. FHE-Based PSI

Architectural and performance comparison of three private set intersection paradigms for outsourced computation scenarios.

FeatureDelegated PSIStandard PSIFHE-Based PSI

Computation Model

Outsourced to third-party server

Direct two-party interaction

Computation on encrypted data

Server Learns Intersection

Client Computation

O(set size) lightweight ops

O(set size) cryptographic ops

O(set size) encryption ops

Round Complexity

2-3 rounds

2-4 rounds

1-2 rounds

Communication Complexity

O(n log n)

O(n)

O(n log n) to O(n²)

Requires Trusted Hardware

Post-Quantum Ready

Depends on underlying primitives

Depends on underlying primitives

Bandwidth Efficiency

High (server handles heavy lifting)

Moderate

Low (large ciphertext expansion)

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.