Secure data join enables two parties with vertically distributed data to securely compute the joined table, allowing the parties to perform downstream Secure multi-party computation-based Data Analytics (SDA), such as training machine learning models, based on the joined table. While Circuit-based Private Set Intersection (CPSI) can be used for secure data join, it introduces redundant dummy rows in the joined table, which results in high overhead in the downstream SDA tasks. iPrivJoin addresses this issue but introduces significant communication overhead in the redundancy removal process, as it relies on the cryptographic primitive OPPRF for data encoding and multiple rounds of oblivious shuffles. In this paper, we propose a much simpler secure data join protocol, Bifrost, which outputs (the secret shares of) a redundancy-free joined table. The highlight of Bifrost lies in its simplicity: it builds upon two conceptually simple building blocks, an ECDH-PSI protocol and a two-party oblivious shuffle protocol. The lightweight protocol design allows Bifrost to avoid the need for OPPRF. We also proposed a simple optimization named \textit{dual mapping} that reduces the rounds of oblivious shuffle needed from two to one. Experiments on datasets of up to 100 GB show that Bifrost achieves $2.54 \sim 22.32\times$ speedup and reduces the communication by $84.15\% \sim 88.97\%$ compared to the SOTA redundancy-free secure data join protocol iPrivJoin. Notably, the communication size of Bifrost is nearly equal to the size of the input data. In the two-step SDA pipeline evaluation (secure join and SDA), the redundancy-free property of Bifrost not only avoids the catastrophic error rate blowup in the downstream tasks caused by the dummy rows in the joined table (as introduced in CPSI), but also shows up to $2.80\times$ speed-up in the SDA process with up to $73.15\%$ communication reduction.

翻译：安全数据连接使拥有垂直分布数据的两方能够安全地计算连接表，从而允许双方基于连接表执行下游基于安全多方计算的数据分析（SDA），例如训练机器学习模型。虽然基于电路的隐私集合求交（CPSI）可用于安全数据连接，但它会在连接表中引入冗余的虚拟行，这导致下游SDA任务产生高开销。iPrivJoin解决了这一问题，但在冗余消除过程中引入了显著的通信开销，因为它依赖于密码学原语OPPRF进行数据编码以及多轮不经意洗牌。本文提出了一种更简单的安全数据连接协议Bifrost，它输出（秘密共享的）无冗余连接表。Bifrost的亮点在于其简洁性：它建立在两个概念上简单的构建模块之上，即一个ECDH-PSI协议和一个两方不经意洗牌协议。轻量级的协议设计使Bifrost无需使用OPPRF。我们还提出了一种名为“双重映射”的简单优化，将所需的不经意洗牌轮数从两轮减少到一轮。在高达100 GB的数据集上的实验表明，与最先进的无冗余安全数据连接协议iPrivJoin相比，Bifrost实现了$2.54 \sim 22.32$倍的加速，并减少了$84.15\% \sim 88.97\%$的通信开销。值得注意的是，Bifrost的通信量几乎等于输入数据的大小。在两步SDA流程评估（安全连接与SDA）中，Bifrost的无冗余特性不仅避免了连接表中虚拟行（如CPSI引入的）导致的下游任务中灾难性的错误率激增，而且在SDA过程中实现了高达$2.80$倍的加速，通信开销减少了高达$73.15\%$。