Inferensys

Glossary

Private Set Intersection (PSI)

A cryptographic protocol that allows two or more parties to compute the intersection of their private datasets without revealing any elements outside the intersection to the other parties.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.

What is Private Set Intersection (PSI)?

Private Set Intersection (PSI) is a cryptographic protocol enabling two or more parties to compute the intersection of their private datasets while revealing nothing about elements outside that intersection.

Private Set Intersection (PSI) is a secure multi-party computation protocol where parties discover common elements across their input sets without disclosing any non-intersecting items. The protocol ensures that after execution, each party learns only the intersection and nothing else about the other party's exclusive data, providing a formal cryptographic guarantee of data minimization.

PSI protocols rely on foundational primitives including Oblivious Transfer (OT), homomorphic encryption, and garbled circuits to perform private equality checks. Modern implementations leverage OT extension and hashing techniques like Cuckoo hashing to achieve linear communication complexity, making them practical for large-scale applications such as privacy-preserving record linkage, contact discovery, and collaborative fraud detection across competing institutions.

PROTOCOL DESIGN PRIMITIVES

Key Properties of PSI Protocols

Private Set Intersection protocols are evaluated across several critical dimensions that determine their suitability for real-world deployment. These properties govern security guarantees, computational efficiency, and communication complexity.

01

Correctness

The fundamental guarantee that the protocol outputs the exact intersection of the input sets. A correct PSI protocol ensures that every element in the output is genuinely present in both parties' inputs (soundness), and every element present in both inputs appears in the output (completeness).

  • Perfect correctness: The intersection is computed without any error probability
  • Statistical correctness: A negligible probability of error exists, typically bounded by a security parameter (e.g., 2^-40)
  • Failure modes include hash collisions in Bloom filter-based constructions or decryption failures in lattice-based schemes
02

Security Against Malicious Adversaries

The strongest adversarial model where a corrupt party may arbitrarily deviate from the protocol specification to learn the other party's private inputs. Protocols secure in this model must enforce honest behavior through cryptographic mechanisms.

  • Input consistency checks: Verifying that a party's input set is well-formed and consistent across all protocol rounds
  • Cut-and-choose techniques: Used in garbled circuit-based PSI to detect cheating with high probability
  • Zero-knowledge proofs: Attached to each protocol message to prove correct computation without revealing secrets
  • Protocols like PSI from Oblivious Pseudorandom Functions (OPRF) can be upgraded to malicious security with relatively low overhead compared to semi-honest variants
03

Semi-Honest Security Model

Also known as honest-but-curious, this model assumes all parties follow the protocol exactly but may attempt to infer additional information from the messages they receive. It is the baseline security guarantee for most efficient PSI constructions.

  • Adversaries do not deviate from the protocol specification
  • Protects against passive observation and traffic analysis
  • Significantly more efficient than malicious-secure protocols due to the absence of heavy zero-knowledge proofs
  • Suitable for environments where participants are trusted to execute correctly but data must remain confidential, such as inter-departmental analytics within a single organization
04

Communication Complexity

The total amount of data exchanged between parties during protocol execution, measured in bits or bytes. This is often the bottleneck in wide-area network deployments and directly impacts latency.

  • Linear complexity O(n): Grows proportionally with set size; achieved by modern OPRF-based protocols
  • Sublinear complexity: Achieved by protocols using fully homomorphic encryption or polynomial representations, but with higher computational cost
  • Asymmetric communication: Some protocols minimize sender-to-receiver bandwidth at the expense of the reverse direction, useful for mobile clients
  • Real-world benchmarks: KKRT16 protocol achieves approximately 0.5 MB of communication per 1,000 elements at the 128-bit security level
05

Computational Complexity

The processing overhead required by each party, typically dominated by public-key cryptographic operations such as exponentiations, elliptic curve scalar multiplications, or homomorphic encryption evaluations.

  • Oblivious Pseudorandom Function (OPRF) evaluation is the dominant cost in modern PSI protocols, requiring one oblivious transfer per input element
  • Asymmetric computation: Protocols can be designed to shift the computational burden to the larger or more powerful party
  • Preprocessing models: Heavy cryptographic operations can be performed offline before the inputs are known, dramatically reducing online phase latency
  • Hardware acceleration via AES-NI and vectorized elliptic curve operations can reduce computation time by an order of magnitude
06

Input Size Hiding

A privacy property beyond basic PSI that conceals the cardinality of each party's input set. Without this guarantee, the protocol reveals the size of the intersection, which can leak sensitive information about the underlying data.

  • Standard PSI reveals the intersection size to at least one party by default
  • Fully size-hiding PSI: Hides both input set sizes from the other party, often achieved through padding to an upper bound
  • Differential privacy integration: Adding calibrated noise to the intersection size to provide formal privacy guarantees
  • Critical in applications where set size itself is sensitive, such as contact tracing where the number of contacts reveals social activity patterns
PRIVATE SET INTERSECTION

Frequently Asked Questions

Clear, technical answers to the most common questions about Private Set Intersection protocols, their implementation, and their role in privacy-preserving computation.

Private Set Intersection (PSI) is a cryptographic protocol that allows two or more parties to compute the intersection of their private datasets without revealing any elements outside the intersection to the other parties. The protocol ensures that each party learns only the elements common to all input sets and nothing else. The foundational mechanism typically relies on oblivious transfer (OT) extensions and hashing techniques. In a common two-party PSI, the sender hashes their set elements into a data structure (such as a Cuckoo filter or Bloom filter), and the receiver obliviously queries this structure using their own elements. The receiver only learns whether each of their elements exists in the sender's set, while the sender learns nothing about the receiver's queries. Modern implementations like KKRT16 and PSZ14 leverage OT extension and oblivious pseudorandom functions (OPRFs) to achieve near-linearithmic complexity, making PSI practical for datasets containing millions of records.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.