Documentation ¶
Overview ¶
Package client for the client-side of the Private Set Intersection protocol.
In PSI, two parties (client and server) each hold a dataset, and at the end of the protocol the client learns the size of the intersection of both datasets, while no party learns anything beyond that (cardinality mode).
This variant of PSI introduces a small false-positive rate (i.e., the reported cardinality will be slightly larger than the actual cardinality. The false positive rate can be tuned by the server.
The protocol works as follows.
1. Setup phase
The server encrypts all its elements x under a commutative encryption scheme, computing H(x)^s where s is its secret key. The encrypted elements are then inserted in a Bloom filter, which is sent to the client in the form of a serialized protobuf. The protobuf has the following form:
{ "num_hash_functions": <int>, "bits": <string> }
Here, `bits` is a binary string.
2. Client request
The client encrypts all their elements x using the commutative encryption scheme, computing H(x)^c, where c is the client's secret key. The encoded elements are sent to the server as an array together with a boolean reveal_intersection that indicates whether the client wants to learn the elements in the intersection or only its size. The payload is sent as a serialized protobuf to the client and holds the following form:
{ "reveal_intersection": <bool>, "encrypted_elements": [ H(x_1)^c, H(x_2)^c, ... ] }
3. Server response
For each encrypted element H(x)^c received from the client, the server encrypts it again under the commutative encryption scheme with its secret key s, computing (H(x)^c)^s = H(x)^(cs). The result is sent back to the client as a serialized protobuf holding the following form:
{ "encrypted_elements": [ H(x_1)^c, H(x_2)^c, ... ] }
If reveal_intersection is false, the array is sorted to hide the order of entries from the client.
4. Client computes intersection
The client decrypts each element received from the server's response using its secret key c, computing (H(x)^(cs))^(1/c) = H(x)^s. It then checks if each element is present in the Bloom filter, and reports the number of matches as the intersection size.
Index ¶
- type PsiClient
- func (c *PsiClient) CreateRequest(rawInput []string) (*psi_proto.Request, error)
- func (c *PsiClient) Destroy()
- func (c *PsiClient) GetIntersection(serverSetupProto *psi_proto.ServerSetup, ...) ([]int64, error)
- func (c *PsiClient) GetIntersectionSize(serverSetupProto *psi_proto.ServerSetup, ...) (int64, error)
- func (c *PsiClient) GetPrivateKeyBytes() ([]byte, error)
- func (c *PsiClient) Version() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PsiClient ¶
type PsiClient struct {
// contains filtered or unexported fields
}
PsiClient context for the client side of a Private Set Intersection protocol.
func CreateFromKey ¶
CreateFromKey creates and returns a new client instance with the provided private key.
Returns an error if any crypto operations fail.
func CreateWithNewKey ¶
CreateWithNewKey creates and returns a new client instance with a fresh private key. WARNING: This function should be used with caution, since reusing the client key for multiple requests can reveal information about the input sets. If in doubt, use `CreateWithNewKey`.
Returns an error if any crypto operations fail.
func (*PsiClient) CreateRequest ¶
CreateRequest - Creates a request protobuf to be serialized and sent to the server. For each input element x, computes H(x)^c, where c is the secret key of ec_cipher_.
Returns an error if the context is invalid or if the encryption fails.
func (*PsiClient) GetIntersection ¶
func (c *PsiClient) GetIntersection(serverSetupProto *psi_proto.ServerSetup, serverResponseProto *psi_proto.Response) ([]int64, error)
GetIntersection - processes the server's response and returns the intersection of the client and server inputs. Use this function if this instance was created with `reveal_intersection = true`. The first argument, `server_setup`, is a bloom filter that encodes encrypted server elements and is sent by the server in a setup phase. The second argument, `server_response`, is the response received from the server after sending the result of `CreateRequest`.
Returns INVALID_ARGUMENT if any input messages are malformed, or INTERNAL if decryption fails.
func (*PsiClient) GetIntersectionSize ¶
func (c *PsiClient) GetIntersectionSize(serverSetupProto *psi_proto.ServerSetup, serverResponseProto *psi_proto.Response) (int64, error)
GetIntersectionSize - reveals the size of the intersection. Use this function if this instance was created with `reveal_intersection = false`.
Returns INVALID_ARGUMENT if any input messages are malformed, or INTERNAL if decryption fails.
func (*PsiClient) GetPrivateKeyBytes ¶
GetPrivateKeyBytes - returns this instance's private key. This key should only be used to create other client instances. DO NOT SEND THIS KEY TO ANY OTHER PARTY!