PSI QuickStart#

Quick start with SPU Private Set Intersection (PSI).

Supported Protocols#

PSI protocols	Threat Model	Party Number	PsiTypeCode
ECDH-PSI	Semi-Honest	2P	1
ECDH-OPRF-PSI	Semi-Honest	2P
KKRT	Semi-Honest	2P	2
PCG_PSI	Semi-Honest	2P	3
Mini-PSI	Malicious	2P
DP-PSI	Semi-Honest	2P

MPC and PSI protocols are designed for specific Security model (or Threat Models).

Security model are widely considered to capture the capabilities of adversaries. Adversaries of semi-honest model and malicious model are Semi-honest Adversary and Malicious Adversary.

Semi-Honest PSI Must not be used in Malicious environment, may be attacked and leak information.

Our implementation of ECDH-PSI protocol supports multiple ECC curves:

Please check PSI Protocols Introduction for details.

PSI Example#

In-memory psi example#

A simple in-memory psi example.

C++ simple in-memory psi example .

Streaming psi example#

A streaming example where users could perform PSI for billion items. Read data from in_path, and Write PSI result to out_path. Select psi protocol from ecdh/kkrt.

C++ streaming psi example .

Python streaming psi example .

dp psi example#

example for dp psi.

dp psi example .

How To Run#

Run In-memory C++ PSI example#

First build simple_in_memory_psi.

bazel build //examples/cpp:simple_in_memory_psi

Start two terminals.

In the first terminal.

simple_in_memory_psi -- -rank 0 -data_size 1000

In the second terminal.

simple_in_memory_psi -- -rank 1 -data_size 1000

Run Streaming C++ PSI example#

Start two terminals.

Taking ECDH-PSI as an example, protocol is 1. KKRT-PSI sets protocol to 2, BC22 PCG-PSI sets protocol to 3.

Get PSI result in rank 0.

First build simple_psi.

bazel build //examples/cpp:simple_psi

In the first terminal.

simple_psi -rank 0 -protocol 1 -in_path ./examples/data/psi_1.csv -field_names id -out_path /tmp/p1.out

In the second terminal.

simple_psi -rank 1 -protocol 1 -in_path ./examples/data/psi_2.csv -field_names id -out_path /tmp/p2.out

Run Streaming Python PSI example#

PSI protocols support ECDH_PSI_2PC, KKRT_PSI_2PC, and BC22_PSI_2PC.

Get PSI result in rank 0.

Start two terminals.

In the first terminal.

python3 ./examples/python/psi/simple_psi.py --rank 0 --protocol ECDH_PSI_2PC --in_path ./examples/data/psi_1.csv --field_names id --out_path /tmp/p1.out

In the second terminal.

python3 ./examples/python/psi/simple_psi.py --rank 1 --protocol ECDH_PSI_2PC --in_path ./examples/data/psi_2.csv --field_names id --out_path /tmp/p2.out

Run DP PSI c++ example#

First build simple_dp_psi.

bazel build //examples/cpp:simple_dp_psi

Start two terminals.

In the first terminal.

simple_dp_psi -rank 0 -in_path ./examples/data/psi_1.csv -field_names id

In the second terminal.

simple_dp_psi -rank 1 -in_path ./examples/data/psi_2.csv -field_names id -out_path /tmp/p1.out

Run Unbalanced PSI python example#

Start two terminals.

In the first terminal.

python3 ./examples/python/psi/unbalanced_psi.py --rank 1 --in_path ./examples/data/psi_1.csv --field_names id

In the second terminal.

python3 ./examples/python/psi/unbalanced_psi.py --rank 0 -in_path ./examples/data/psi_2.csv -field_names id -out_path /tmp/p1.out

Benchmark#

benchmark result without data load time

ecdh-psi Benchmark#

DH-PSI benchmark code

cpu limited by docker(–cpu)

Intel(R) Xeon(R) Platinum	cpu	2^20	2^21	2^22	2^23	2^24
8269CY CPU @ 2.50GHz with curve25519-donna	4c	40.181s	81.227s	163.509s	330.466s	666.807s
8c	20.682s	42.054s	85.272s	173.836s	354.842s
16c	11.639s	23.670s	48.965s	100.903s	208.156s

Intel(R) Xeon(R) Platinum

cpu

2^20

2^21

2^22

2^23

2^24

8269CY CPU @ 2.50GHz

with curve25519-donna

40.181s

81.227s

163.509s

330.466s

666.807s

20.682s

42.054s

85.272s

173.836s

354.842s

16c

11.639s

23.670s

48.965s

100.903s

208.156s

ipp-crypto Multi-buffer Functions

Intel(R) Xeon(R) Platinum	cpu	2^20	2^21	2^22	2^23	2^24
8369B CPU @ 2.70GHz curve25519(ipp-crypto)	4c	7.37s	15.32s	31.932s	66.802s	139.994s
8c	4.3s	9.095s	18.919s	40.828s	87.649s
16c	2.921s	6.081s	13.186s	29.614s	65.186s

Intel(R) Xeon(R) Platinum

cpu

2^20

2^21

2^22

2^23

2^24

8369B CPU @ 2.70GHz

curve25519(ipp-crypto)

7.37s

15.32s

31.932s

66.802s

139.994s

4.3s

9.095s

18.919s

40.828s

87.649s

16c

2.921s

6.081s

13.186s

29.614s

65.186s

kkrt-psi Benchmark#

All of our experiments use a single thread for each party.

If the bandwidth is enough, the upstream could try to perform multi-threading optimizations

bandwidth limited by wondershaper.

10Mbps = 10240Kbps, 100Mbps = 102400Kbps, 1000Mbps = 1024000Kbps

wondershaper -a lo -u 10240

Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz

bandwidth	phase	2^18	2^20	2^22	2^24
LAN	offline	0.012s	0.012s	0.012s	0.014s
LAN	online	0.495s	2.474s	10.765s	44.368s
100Mbps	offline	0.012s	0.012s	0.024s	0.014s
100Mbps	online	2.694s	11.048s	46.983s	192.37s
10Mbps	offline	0.016s	0.019s	0.0312s	0.018s
10Mbps	online	25.434s	100.68s	415.94s	1672.21s

bc22 pcg-psi Benchmark#

Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz

bandwidth	2^18	2^20	2^21	2^22	2^23	2^24
LAN	1.261s	2.191s	3.503s	6.51s	13.012s	26.71s
100Mbps	2.417s	6.054s	11.314s	21.864s	43.778s	88.29s
10Mbps	18.826s	50.038s	96.516s	186.097s	369.84s	737.71s

Security Tips#

Warning: KKRT16 and BC22 PCG are semi-honest PSI protocols, and may be attacked in malicious model. We recommend using KKRT16 and BC22_PCG PSI protocol as one-way PSI, i.e., one party gets the final intersection result.