Estimating Incidental Collection in
Foreign Intelligence Surveillance

Large Scale Multiparty Private Set Intersection with Union and Sum

Instructions
 This example is a gross simplification. Please refer to the paper for the exact protocol.
 In this example, there are 4 participants: Intelligence Community, Email Service 1, Email Service 2, Email Service 3.
 For simplicity, all participants have input tables of the same size.
 Hover over each table to view a list of participants it is visible to.
 Random tables can be generated by selecting the table and intersection sizes below.
Setup
 Each participant builds an input table consisting of email addresses.
 Intelligence Community's input table X0 contains all addresses they incidentally collected emails to or from.
 Service providers' input tables X1, X2, X3 contain all email addresses believed to be controlled by users located in the U.S. πŸ‡ΊπŸ‡Έ
X0 (Intelligence Community)
  • basic_549@email4.com
  • black.1175@email3.com
  • mango.1688@email4.com
  • group1715@email2.com
  • visual_1105@email2.com
X1 (Email Service 1)
  • inflic.545@email1.com πŸ‡ΊπŸ‡Έ
  • electr986@email1.com πŸ‡ΊπŸ‡Έ
  • half.1268@email1.com πŸ‡ΊπŸ‡Έ
  • cry_308@email1.com πŸ‡ΊπŸ‡Έ
  • absurd1131@email1.com πŸ‡ΊπŸ‡Έ
X2 (Email Service 2)
  • visual_1105@email2.com πŸ‡ΊπŸ‡Έ
  • quit_188@email2.com πŸ‡ΊπŸ‡Έ
  • task.1404@email2.com πŸ‡ΊπŸ‡Έ
  • group1715@email2.com πŸ‡ΊπŸ‡Έ
  • casual.1030@email2.com πŸ‡ΊπŸ‡Έ
X3 (Email Service 3)
  • van_1826@email3.com πŸ‡ΊπŸ‡Έ
  • canoe_1093@email3.com πŸ‡ΊπŸ‡Έ
  • black.1175@email3.com πŸ‡ΊπŸ‡Έ
  • virus.1977@email3.com πŸ‡ΊπŸ‡Έ
  • saddle.1669@email3.com πŸ‡ΊπŸ‡Έ
Protocol
  The Intelligence Community generates a random blinding key and blinds its input table as elliptic curve points in M.
​
M
  • 3048b7fda8300cd023579463080d1529d3485cb2db65e6463de614510d10c975
  • f82861f17cdbdd34e5adf6295a23de604ee2c8ae8c75c5ce24f35fb255497e05
  • cae0d782de8e3756df388ea18d95dd5c68e25d5328ee264e80a8167cc8db0141
  • 2c3a7f85f54a45ce34947511e6ba072df55d0e5d0c92b01105678c727473fd60
  • b6c93e83d6bd3ef07189f5d9a0e237b567c6e3f5fe2b1ecda525ad67bb7b6942
 Email Service 1 uses M, X1 to build R1. Email Service 2 uses M, X2, R1 to build R2. Email Service 3 uses M, X3, R2 to build R3. R1, R2, and R3 contain two elliptic curve points in each row.
M
  • 3048b7...10c975
  • f82861...497e05
  • cae0d7...db0141
  • 2c3a7f...73fd60
  • b6c93e...7b6942
R1
  • 2cfa15...225e71 & 48c9d0...dbde4e
  • 144f2e...26411a & 9252d2...496018
  • 0a2e5e...eb4237 & 86dd4e...02c47c
  • 323b79...426a10 & 86ff8e...18db4c
  • 968c24...415074 & ca6e83...898c1e
R2
  • ec5013...49454b & 0e31ba...4d8961
  • 20d3dc...c0c72a & 80e845...5c590b
  • 644976...a18a15 & 4eaffd...017e5a
  • 4899c8...966222 & d84dbb...5b505e
  • ea5fa8...f0df3c & a03e07...9cc32b
R3
  • e60483...a39039 & fc8fbc...e94930
  • da5d2a...fcbd7f & fa87a6...cd2b53
  • 7809ee...0d8f10 & b41b2c...f04659
  • 74b0d7...d8b44e & 8aa1f9...c29a22
  • 42b848...e86671 & 7c0981...cbeb37
 Email Service 3 uses M, R3 to build a shuffled and encrypted table B.
M
  • 3048b7...10c975
  • f82861...497e05
  • cae0d7...db0141
  • 2c3a7f...73fd60
  • b6c93e...7b6942
R (created by Service 3)
  • e60483...a39039 & fc8fbc...e94930
  • da5d2a...fcbd7f & fa87a6...cd2b53
  • 7809ee...0d8f10 & b41b2c...f04659
  • 74b0d7...d8b44e & 8aa1f9...c29a22
  • 42b848...e86671 & 7c0981...cbeb37
B
  • da5d2a...fcbd7f & c64d35...c530ab
  • 74b0d7...d8b44e & 733b4d...b950a2
  • 7809ee...0d8f10 & 0c2276...69eddd
  • 42b848...e86671 & 47c1d9...319e24
  • e60483...a39039 & 5f048d...c47ae4
 Intelligence Community computes the intersection size using B and the blinding key .
​
B
  • (da5d2a...fcbd7f, c64d35...c530ab)
  • (74b0d7...d8b44e, 733b4d...b950a2)
  • (7809ee...0d8f10, 0c2276...69eddd)
  • (42b848...e86671, 47c1d9...319e24)
  • (e60483...a39039, 5f048d...c47ae4)
Result
  • Matched πŸ‡ΊπŸ‡Έ
  • Matched πŸ‡ΊπŸ‡Έ
  • Not matched
  • Matched πŸ‡ΊπŸ‡Έ
  • Not matched
​
No participant learns any other information.