Private Set Intersection (PSI) is a secure multi-party computation protocol where parties discover common elements across their input sets without disclosing any non-intersecting items. The protocol ensures that after execution, each party learns only the intersection and nothing else about the other party's exclusive data, providing a formal cryptographic guarantee of data minimization.
Glossary
Private Set Intersection (PSI)

What is Private Set Intersection (PSI)?
Private Set Intersection (PSI) is a cryptographic protocol enabling two or more parties to compute the intersection of their private datasets while revealing nothing about elements outside that intersection.
PSI protocols rely on foundational primitives including Oblivious Transfer (OT), homomorphic encryption, and garbled circuits to perform private equality checks. Modern implementations leverage OT extension and hashing techniques like Cuckoo hashing to achieve linear communication complexity, making them practical for large-scale applications such as privacy-preserving record linkage, contact discovery, and collaborative fraud detection across competing institutions.
Key Properties of PSI Protocols
Private Set Intersection protocols are evaluated across several critical dimensions that determine their suitability for real-world deployment. These properties govern security guarantees, computational efficiency, and communication complexity.
Correctness
The fundamental guarantee that the protocol outputs the exact intersection of the input sets. A correct PSI protocol ensures that every element in the output is genuinely present in both parties' inputs (soundness), and every element present in both inputs appears in the output (completeness).
- Perfect correctness: The intersection is computed without any error probability
- Statistical correctness: A negligible probability of error exists, typically bounded by a security parameter (e.g., 2^-40)
- Failure modes include hash collisions in Bloom filter-based constructions or decryption failures in lattice-based schemes
Security Against Malicious Adversaries
The strongest adversarial model where a corrupt party may arbitrarily deviate from the protocol specification to learn the other party's private inputs. Protocols secure in this model must enforce honest behavior through cryptographic mechanisms.
- Input consistency checks: Verifying that a party's input set is well-formed and consistent across all protocol rounds
- Cut-and-choose techniques: Used in garbled circuit-based PSI to detect cheating with high probability
- Zero-knowledge proofs: Attached to each protocol message to prove correct computation without revealing secrets
- Protocols like PSI from Oblivious Pseudorandom Functions (OPRF) can be upgraded to malicious security with relatively low overhead compared to semi-honest variants
Semi-Honest Security Model
Also known as honest-but-curious, this model assumes all parties follow the protocol exactly but may attempt to infer additional information from the messages they receive. It is the baseline security guarantee for most efficient PSI constructions.
- Adversaries do not deviate from the protocol specification
- Protects against passive observation and traffic analysis
- Significantly more efficient than malicious-secure protocols due to the absence of heavy zero-knowledge proofs
- Suitable for environments where participants are trusted to execute correctly but data must remain confidential, such as inter-departmental analytics within a single organization
Communication Complexity
The total amount of data exchanged between parties during protocol execution, measured in bits or bytes. This is often the bottleneck in wide-area network deployments and directly impacts latency.
- Linear complexity O(n): Grows proportionally with set size; achieved by modern OPRF-based protocols
- Sublinear complexity: Achieved by protocols using fully homomorphic encryption or polynomial representations, but with higher computational cost
- Asymmetric communication: Some protocols minimize sender-to-receiver bandwidth at the expense of the reverse direction, useful for mobile clients
- Real-world benchmarks: KKRT16 protocol achieves approximately 0.5 MB of communication per 1,000 elements at the 128-bit security level
Computational Complexity
The processing overhead required by each party, typically dominated by public-key cryptographic operations such as exponentiations, elliptic curve scalar multiplications, or homomorphic encryption evaluations.
- Oblivious Pseudorandom Function (OPRF) evaluation is the dominant cost in modern PSI protocols, requiring one oblivious transfer per input element
- Asymmetric computation: Protocols can be designed to shift the computational burden to the larger or more powerful party
- Preprocessing models: Heavy cryptographic operations can be performed offline before the inputs are known, dramatically reducing online phase latency
- Hardware acceleration via AES-NI and vectorized elliptic curve operations can reduce computation time by an order of magnitude
Input Size Hiding
A privacy property beyond basic PSI that conceals the cardinality of each party's input set. Without this guarantee, the protocol reveals the size of the intersection, which can leak sensitive information about the underlying data.
- Standard PSI reveals the intersection size to at least one party by default
- Fully size-hiding PSI: Hides both input set sizes from the other party, often achieved through padding to an upper bound
- Differential privacy integration: Adding calibrated noise to the intersection size to provide formal privacy guarantees
- Critical in applications where set size itself is sensitive, such as contact tracing where the number of contacts reveals social activity patterns
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear, technical answers to the most common questions about Private Set Intersection protocols, their implementation, and their role in privacy-preserving computation.
Private Set Intersection (PSI) is a cryptographic protocol that allows two or more parties to compute the intersection of their private datasets without revealing any elements outside the intersection to the other parties. The protocol ensures that each party learns only the elements common to all input sets and nothing else. The foundational mechanism typically relies on oblivious transfer (OT) extensions and hashing techniques. In a common two-party PSI, the sender hashes their set elements into a data structure (such as a Cuckoo filter or Bloom filter), and the receiver obliviously queries this structure using their own elements. The receiver only learns whether each of their elements exists in the sender's set, while the sender learns nothing about the receiver's queries. Modern implementations like KKRT16 and PSZ14 leverage OT extension and oblivious pseudorandom functions (OPRFs) to achieve near-linearithmic complexity, making PSI practical for datasets containing millions of records.
Related Terms
Private Set Intersection relies on a constellation of foundational cryptographic techniques and is a critical building block for higher-level privacy-preserving applications.
Oblivious Transfer (OT)
A fundamental cryptographic primitive where a sender transmits one of potentially many pieces of information to a receiver, but remains oblivious to which piece was selected. PSI protocols, particularly those based on Oblivious Transfer Extension, use OT as a core building block to efficiently compare encoded set elements without revealing non-matching items. Modern OT extension techniques dramatically reduce the reliance on expensive public-key operations, making PSI practical for large datasets.
Garbled Circuits
A cryptographic protocol, introduced by Andrew Yao, that enables two parties to jointly evaluate a boolean circuit over their private inputs without revealing those inputs to each other. In the context of PSI, garbled circuits can be used to compute the intersection function itself, especially in circuit-based PSI protocols. The Free-XOR optimization is critical here, allowing XOR gates to be evaluated without cryptographic operations, significantly reducing the computational overhead of comparing hashed set elements.
Homomorphic Encryption (HE)
A cryptographic scheme that allows computation directly on encrypted data, enabling private inference and training without exposing raw inputs. In PSI, Somewhat Homomorphic Encryption (SHE) or Fully Homomorphic Encryption (FHE) can be used to evaluate a polynomial representing a client's set on a server's encrypted set. This allows the server to compute the intersection without learning the client's elements, and the client decrypts only the matching results. HE-based PSI often features low communication but higher computation.
Cuckoo Hashing
A hashing algorithm that resolves collisions by relocating existing keys to alternative positions using two or more hash functions. In PSI, Cuckoo Hashing is a critical optimization technique used to pack set elements into a dense table structure. This allows protocols to perform batch-wise comparisons and reduces the number of expensive cryptographic operations. The technique ensures that each bin contains at most one element with high probability, enabling constant-time lookups during the private comparison phase.
Bloom Filters
A space-efficient probabilistic data structure used to test whether an element is a member of a set. In PSI, Bloom Filters can encode one party's set, allowing the other party to query for membership privately. However, standard Bloom Filters leak information through false positives. Garbled Bloom Filters (GBF) address this by using garbled circuit techniques to create a filter that reveals nothing during a query unless the item is in the intersection, forming the basis of efficient, semi-honest PSI protocols.
Differential Privacy (DP)
A mathematical framework that provides provable privacy guarantees by injecting calibrated noise into computation outputs. When combined with PSI, Differentially Private PSI ensures that the size of the intersection or the elements themselves do not leak information about individual records. This is crucial when the intersection result itself is sensitive, such as in genomic cohort discovery or contact tracing, where revealing that two parties share a specific data point could constitute a privacy breach.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us