Estimating Incidental Collection in Foreign Intelligence Surveillance
Large Scale Multiparty Private Set Intersection with Union and Sum
Instructions
This example is a gross simplification. Please refer to the paper for the exact protocol. In this example, there are 4 participants: Intelligence Community, Email Service 1, Email Service 2, Email Service 3. For simplicity, all participants have input tables of the same size. Hover over each table to view a list of participants it is visible to. Random tables can be generated by selecting the table and intersection sizes below.
5
3
Setup
Each participant builds an input table consisting of email addresses. Intelligence Community's input table X0 contains all addresses they incidentally collected emails to or from. Service providers' input tables X1, X2, X3 contain all email addresses believed to be controlled by users located in the U.S. πΊπΈ
X0 (Intelligence Community)
day.525@email4.com
vivid.651@email4.com
ladder_1319@email1.com
foster_1821@email3.com
pizza.96@email3.com
X1 (Email Service 1)
fence.1784@email1.com πΊπΈ
enough82@email1.com πΊπΈ
ladder_1319@email1.com πΊπΈ
innoce414@email1.com πΊπΈ
peace_1060@email1.com πΊπΈ
X2 (Email Service 2)
ribbon_116@email2.com πΊπΈ
exact1257@email2.com πΊπΈ
saddle69@email2.com πΊπΈ
daught.967@email2.com πΊπΈ
opera.717@email2.com πΊπΈ
X3 (Email Service 3)
pizza.96@email3.com πΊπΈ
lyrics_1810@email3.com πΊπΈ
armor1208@email3.com πΊπΈ
foster_1821@email3.com πΊπΈ
fade30@email3.com πΊπΈ
Protocol
The Intelligence Community generates a random blinding key and blinds its input table as elliptic curve points in M.
Email Service 1 uses M, X1 to build R1. Email Service 2 uses M, X2, R1 to build R2. Email Service 3 uses M, X3, R2 to build R3. R1, R2, and R3 contain two elliptic curve points in each row.
M
aeb562...005d76
54c410...60a825
2c972c...44e973
402ace...793527
6e0c2a...e7c362
R1
f8b311...9d7f14 & 9e944b...e04a58
122839...bdb612 & 8c001b...a9114e
e49632...7fb476 & 1aa394...86c625
de7cc9...bf4a5b & fa05a9...69c24c
fea3a3...8c902f & 4ca486...ca8033
R2
8cf08d...c9c645 & 88ba1e...703070
d21b9c...dc3303 & e80d22...0f250a
a4e6ae...b10015 & 88044a...e03162
7e2cd9...8cf70f & 8229d2...ca1b67
683c17...2e286e & feac6b...136a4f
R3
a269f4...11d46c & 940781...27c135
96dc0d...1b5d4c & d65e29...652e3c
fa2cd4...9aad19 & 6457b6...6c0c26
72fd7b...1f6929 & 2c21f6...fd5219
5411a1...d7a513 & ec72d8...332279
Email Service 3 uses M, R3 to build a shuffled and encrypted table B.
M
aeb562...005d76
54c410...60a825
2c972c...44e973
402ace...793527
6e0c2a...e7c362
R (created by Service 3)
a269f4...11d46c & 940781...27c135
96dc0d...1b5d4c & d65e29...652e3c
fa2cd4...9aad19 & 6457b6...6c0c26
72fd7b...1f6929 & 2c21f6...fd5219
5411a1...d7a513 & ec72d8...332279
B
96dc0d...1b5d4c & 86c9f0...adff6e
72fd7b...1f6929 & 1afe75...90484b
fa2cd4...9aad19 & 886222...0232c4
5411a1...d7a513 & d05752...bdff34
a269f4...11d46c & 244613...a611df
Intelligence Community computes the intersection size using B and the blinding key .