Two parties with private data sets can find shared elements using a Private Set Intersection (PSI) protocol without revealing any information beyond the intersection. Circuit PSI protocols privately compute an arbitrary function of the intersection, such as its cardinality, and are often employed in an unbalanced setting where one party has more data than the other. Existing protocols are either computationally inefficient or require extensive server-client communication on the order of the larger set. We introduce Practically Efficient PSI, or PEPSI, a non-interactive solution where only the client sends its encrypted data. PEPSI can process an intersection of 1024 client items with a million server items in under a second, using less than 5 MB of communication. Our work is over 4 orders of magnitude faster than an existing non-interactive circuit PSI protocol and requires only 10% of the communication. It is also up to 20 times faster than the work of Ion et al., which computes a limited set of functions and has communication costs proportional to the larger set. Our work is the first to demonstrate that non-interactive circuit PSI can be practically applied in an unbalanced setting.