PSI-Sum is a variant of Private Set Intersection where two parties compute the sum of numerical values linked to the elements in their intersection, without disclosing the intersecting elements themselves or any non-matching data. This protocol allows collaborative analytics—such as calculating total shared revenue or combined user engagement—while maintaining strict input privacy for both participants.
Glossary
PSI-Sum

What is PSI-Sum?
PSI-Sum is a cryptographic protocol that extends Private Set Intersection to reveal only the sum of values associated with the intersecting elements, enabling private aggregate analytics without exposing the underlying intersection set.
The protocol typically operates on a labeled set held by one party, where each element has an associated integer value. The other party learns only the aggregate sum of the labels corresponding to the intersection, not the individual labels or which elements matched. This makes PSI-Sum ideal for privacy-preserving conversion tracking and secure aggregate queries across organizational boundaries.
Key Features of PSI-Sum
PSI-Sum extends standard private set intersection by revealing only the sum of associated values for intersecting elements, not the elements themselves. This enables privacy-preserving aggregate queries across sensitive datasets.
Sum-Only Output
Unlike standard PSI, PSI-Sum reveals only the aggregate sum of values linked to intersecting elements. Neither party learns which specific items were in the intersection, only the total. This is critical for applications like private revenue attribution where knowing how much overlap exists matters more than which customers overlap.
- Protects individual intersection membership
- Reveals only aggregate statistics
- Prevents re-identification via set membership
Labeled PSI Foundation
PSI-Sum builds on Labeled PSI primitives, where one party holds set elements with associated integer values (labels). The protocol computes the intersection and sums the labels corresponding to matched elements. The label holder learns nothing; the querier learns only the sum.
- Extends Labeled PSI with summation logic
- One party provides
(item, value)pairs - Other party provides query items
Additive Homomorphic Encryption
Many PSI-Sum constructions leverage additively homomorphic encryption (e.g., Paillier) to perform summation directly on ciphertexts. The server encrypts its values, the client homomorphically adds only those corresponding to matched elements, and the server decrypts the final sum without learning which elements contributed.
- Enables computation on encrypted values
- Server never sees client's query set
- Client never sees server's individual values
Threshold PSI-Sum Variants
Advanced PSI-Sum protocols support threshold conditions, where the sum is revealed only if the intersection size exceeds a minimum cardinality. This prevents inference attacks where a sum over a single element would expose an individual's value.
- Protects against singleton intersection attacks
- Enforces minimum group size
k - Combines cardinality testing with summation
Real-World Applications
PSI-Sum enables privacy-preserving business analytics across organizations that cannot share raw data. Common use cases include:
- Ad conversion measurement: Summing purchase values from overlapping users without revealing who converted
- Cross-bank fraud detection: Aggregating suspicious transaction values across institutions
- Healthcare cohort analysis: Summing treatment costs for overlapping patient populations
Security Guarantees
PSI-Sum protocols inherit the security model of their underlying PSI construction, typically achieving semi-honest security with efficient implementations. Maliciously secure variants exist using zero-knowledge proofs to verify correct summation, though at higher computational cost.
- Semi-honest: Standard for most deployments
- Malicious: Verifiable computation of the sum
- No information leakage beyond the aggregate
Frequently Asked Questions
Clear, technical answers to the most common questions about PSI-Sum, the private set intersection variant that enables secure aggregate analytics without exposing the underlying intersection set.
PSI-Sum is a cryptographic protocol that allows two parties to compute the sum of values associated with the intersecting elements of their private sets, without revealing the intersection itself or any non-intersecting elements. It extends standard Private Set Intersection (PSI) by attaching integer payloads to one party's set elements. During execution, Party A holds a set of identifiers, Party B holds a set of identifier-value pairs, and the protocol outputs only the total sum of values corresponding to identifiers present in both sets. The underlying construction typically leverages additively homomorphic encryption or oblivious transfer primitives to perform the summation within the encrypted domain, ensuring that neither party learns which specific elements contributed to the final aggregate.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
PSI-Sum builds upon foundational private set intersection protocols and cryptographic primitives. Understanding these related concepts is essential for implementing private aggregate analytics.
Labeled PSI
The direct predecessor to PSI-Sum. In Labeled PSI, one party's set elements have associated data labels, and the other party learns only the labels corresponding to the intersection. PSI-Sum extends this by aggregating those labels (e.g., summing values) rather than revealing them individually.
- Key difference: PSI-Sum reveals only the aggregate, not individual labels
- Use case: Private contact discovery with associated metadata
- Protocols: Often built on OPRF or OT-based constructions
PSI Cardinality
A privacy-preserving variant that reveals only the size of the intersection, not the elements themselves. PSI-Sum can be seen as a generalization where the aggregate function is COUNT.
- Reveals: |X ∩ Y| only
- PSI-Sum relationship: PSI-Sum with all values set to 1 is equivalent to PSI Cardinality
- Applications: Measuring audience overlap without exposing identities
- Efficiency: Often more communication-efficient than full PSI
Secure Aggregation Protocols
Cryptographic methods that allow a central server to compute the sum of model updates from multiple clients without inspecting individual contributions. PSI-Sum solves a related problem for set intersection rather than gradient aggregation.
- Federated learning context: Google's Secure Aggregation for Gboard
- Techniques: Secret sharing, pairwise masking
- PSI-Sum connection: Both compute sums over private inputs without revealing individual values
- Threat model: Typically semi-honest server with curious-but-honest clients
Homomorphic Encryption (HE)
A form of encryption that permits computation directly on ciphertexts. PSI-Sum protocols can leverage HE to compute the sum of intersecting values without decrypting individual contributions.
- Additive HE: Particularly relevant for sum computation (e.g., Paillier)
- Fully Homomorphic Encryption (FHE): Enables arbitrary computation but with higher overhead
- PSI-Sum integration: Encrypt values, compute sum homomorphically, decrypt only the aggregate
- Performance trade-off: Higher computation cost but minimal round complexity
Oblivious Pseudorandom Function (OPRF)
A protocol where a client learns the output of a PRF keyed by a server on the client's input, without the server learning the input or the client learning the key. OPRFs are a core building block for many efficient PSI and PSI-Sum constructions.
- PSI-Sum usage: Encode values as OPRF outputs, then sum matching results
- Security: Prevents the server from learning client set elements
- Efficiency: Can be built from OT extension for high throughput
- Variants: Verifiable OPRFs add proof of correct evaluation
Multiparty PSI
An extension of private set intersection from two to multiple parties. Multiparty PSI-Sum allows a group to compute the sum of values associated with the intersection of their collective datasets.
- Complexity: Grows with the number of parties
- Approaches: Star topology (central server) or peer-to-peer
- PSI-Sum extension: Each party contributes values; only the aggregate sum over the global intersection is revealed
- Applications: Cross-institutional aggregate analytics, supply chain visibility

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us