Estimating Incidental Collection in Foreign Intelligence Surveillance
Large Scale Multiparty Private Set Intersection with Union and Sum
Instructions
This example is a gross simplification. Please refer to the paper for the exact protocol. In this example, there are 4 participants: Intelligence Community, Email Service 1, Email Service 2, Email Service 3. For simplicity, all participants have input tables of the same size. Hover over each table to view a list of participants it is visible to. Random tables can be generated by selecting the table and intersection sizes below.
5
3
Setup
Each participant builds an input table consisting of email addresses. Intelligence Community's input table X0 contains all addresses they incidentally collected emails to or from. Service providers' input tables X1, X2, X3 contain all email addresses believed to be controlled by users located in the U.S. πΊπΈ
X0 (Intelligence Community)
biolog_1133@email4.com
clump1088@email3.com
attitu.1864@email2.com
shell.977@email1.com
displa.935@email4.com
X1 (Email Service 1)
shell.977@email1.com πΊπΈ
stay.1227@email1.com πΊπΈ
palace503@email1.com πΊπΈ
crash_874@email1.com πΊπΈ
egg.1168@email1.com πΊπΈ
X2 (Email Service 2)
sad_2029@email2.com πΊπΈ
attitu.1864@email2.com πΊπΈ
hazard752@email2.com πΊπΈ
expect.756@email2.com πΊπΈ
approv_1419@email2.com πΊπΈ
X3 (Email Service 3)
hen.13@email3.com πΊπΈ
embark2028@email3.com πΊπΈ
marine.2047@email3.com πΊπΈ
clump1088@email3.com πΊπΈ
glad_742@email3.com πΊπΈ
Protocol
The Intelligence Community generates a random blinding key and blinds its input table as elliptic curve points in M.
Email Service 1 uses M, X1 to build R1. Email Service 2 uses M, X2, R1 to build R2. Email Service 3 uses M, X3, R2 to build R3. R1, R2, and R3 contain two elliptic curve points in each row.
M
d60e15...cca85e
1ee60e...840d6f
b4c394...25bd62
38ea05...373372
ec4eeb...7be21c
R1
4e5382...a70b4d & 7ec79f...80955f
4a7883...bcf04f & fcce37...672a10
d0a9ca...3a827f & 4899dc...293a6c
5e509c...2d8a5c & f6f651...d38362
04ee94...c39a21 & 3016a3...757e3e
R2
dea1dd...5f7531 & d075be...e31520
8cba08...aaf51d & 8ef3b0...f2124e
6c0744...6c430f & 56a4b3...240f46
462382...fdaa69 & 342669...0cec3a
d87fbc...7d775b & d403bb...486478
R3
dea717...65276e & 560c5d...1d7778
044ffc...c12813 & 6ee26b...609206
568884...41747c & 36374c...7dc855
3c7a59...041a53 & 5c79c7...681e3b
dccdc1...8f1939 & e0347d...17f66f
Email Service 3 uses M, R3 to build a shuffled and encrypted table B.
M
d60e15...cca85e
1ee60e...840d6f
b4c394...25bd62
38ea05...373372
ec4eeb...7be21c
R (created by Service 3)
dea717...65276e & 560c5d...1d7778
044ffc...c12813 & 6ee26b...609206
568884...41747c & 36374c...7dc855
3c7a59...041a53 & 5c79c7...681e3b
dccdc1...8f1939 & e0347d...17f66f
B
568884...41747c & 605fff...63c684
dea717...65276e & 44494a...0f49ee
044ffc...c12813 & 047c9c...d502f4
3c7a59...041a53 & e74fc8...5cdca8
dccdc1...8f1939 & 686400...5e64c1
Intelligence Community computes the intersection size using B and the blinding key .