server

package

v2.0.2+incompatible Latest Latest Go to latest Published: Jan 19, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openmined/psi-cardinality

Links

Open Source Insights

Documentation ¶

Overview ¶

Package server for the server-side of the Private Set Intersection protocol.

In PSI, two parties (client and server) each hold a dataset, and at the end of the protocol the client learns the size of the intersection of both datasets, while no party learns anything beyond that (cardinality mode).

This variant of PSI introduces a small false-positive rate (i.e., the reported cardinality will be slightly larger than the actual cardinality. The false positive rate can be tuned by the server.

The protocol works as follows.

1. Setup phase

The server encrypts all its elements x under a commutative encryption scheme, computing H(x)^s where s is its secret key. The encrypted elements are then inserted in a Bloom filter, which is sent to the client in the form of a serialized protobuf. The protobuf has the following form:

{
  "num_hash_functions": <int>,
  "bits": <string>
}

Here, `bits` is a binary string.

2. Client request

The client encrypts all their elements x using the commutative encryption scheme, computing H(x)^c, where c is the client's secret key. The encoded elements are sent to the server as an array together with a boolean reveal_intersection that indicates whether the client wants to learn the elements in the intersection or only its size. The payload is sent as a serialized protobuf to the client and holds the following form:

{
  "reveal_intersection": <bool>,
  "encrypted_elements": [ H(x_1)^c, H(x_2)^c, ... ]
}

3. Server response

For each encrypted element H(x)^c received from the client, the server encrypts it again under the commutative encryption scheme with its secret key s, computing (H(x)^c)^s = H(x)^(cs). The result is sent back to the client as a serialized protobuf holding the following form:

{
  "encrypted_elements": [ H(x_1)^c, H(x_2)^c, ... ]
}

If reveal_intersection is false, the array is sorted to hide the order of entries from the client.

4. Client computes intersection

The client decrypts each element received from the server's response using its secret key c, computing (H(x)^(cs))^(1/c) = H(x)^s. It then checks if each element is present in the Bloom filter, and reports the number of matches as the intersection size.

Index ¶

type PsiServer
- func CreateFromKey(key []byte, revealIntersection bool) (*PsiServer, error)
- func CreateWithNewKey(revealIntersection bool) (*PsiServer, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type PsiServer ¶

type PsiServer struct {
	// contains filtered or unexported fields
}

PsiServer context for the server side of a Private Set Intersection protocol.

func CreateFromKey ¶

func CreateFromKey(key []byte, revealIntersection bool) (*PsiServer, error)

CreateFromKey creates and returns a new server instance with the provided private key.

Returns an error if any crypto operations fail.

func CreateWithNewKey ¶

func CreateWithNewKey(revealIntersection bool) (*PsiServer, error)

CreateWithNewKey creates and returns a new server instance with a fresh private key.

Returns an error if any crypto operations fail.

func (*PsiServer) CreateSetupMessage ¶

func (s *PsiServer) CreateSetupMessage(fpr float64, inputCount int64, rawInput []string, ds psi_ds.DataStructure) (*psi_proto.ServerSetup, error)

CreateSetupMessage - Creates a setup message from the server's dataset to be sent to the client. The setup message is a Bloom filter containing H(x)^s for each element x in `inputs`, where s is the server's secret key. The setup is sent to the client as a serialized protobuf with the following form:

{
  "num_hash_functions": <int>,
  "bits": <string>
}

`bits` is encoded as Base64. The false-positive rate `fpr` is the probability that any query of size `num_client_inputs` will result in a false positive.

func (*PsiServer) Destroy ¶

func (s *PsiServer) Destroy()

Destroy frees the C context.

func (*PsiServer) GetPrivateKeyBytes ¶

func (s *PsiServer) GetPrivateKeyBytes() ([]byte, error)

GetPrivateKeyBytes returns this instance's private key. This key should only be used to create other server instances. DO NOT SEND THIS KEY TO ANY OTHER PARTY!

func (*PsiServer) ProcessRequest ¶

func (s *PsiServer) ProcessRequest(requestProto *psi_proto.Request) (*psi_proto.Response, error)

ProcessRequest - Processes a client query and returns the corresponding server response to be sent to the client. For each encrytped element H(x)^c in the decoded `client_request`, computes (H(x)^c)^s = H(X)^(cs) and returns these as an array inside a protobuf.

If reveal_intersection == false, the resulting array is sorted, which prevents the client from matching the individual response elements to the ones in the request, ensuring that they can only learn the intersection size but not individual elements in the intersection.

Returns INVALID_ARGUMENT if the request is malformed or if reveal_intersection != client_request["reveal_intersection"].

func (*PsiServer) Version ¶

func (s *PsiServer) Version() string

Version of the library.

Source Files ¶

View all Source files

server.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL