Tjitske Koster, PhD Researcher, University of Technology Delft
Private Set Intersection (PSI) enables two parties to compute the intersection of their datasets without revealing any elements outside the intersection. Many solid protocols exist, but recent attacks have shown that input privacy can sometimes be compromised - even in maliciously secure protocols. These attacks make use of malicious input and our goal today is to protect against this threat.
To mitigate these types of attacks, Authorized PSI (APSI) introduces a trusted third-party judge who authorizes the input prior to the intersection. However, trusting a judge with all your elements may be impractical or undesirable. Building on this idea, Falzon and Markatou (PETS 2025) proposed Partial-APSI, a privacy-preserving variant of APSI where only a portion of each input set is revealed to the judge. Unfortunately, their protocol suffers from substantial bandwidth costs. In this presentation we will construct a bandwidth-efficient Partial-APSI protocol that significantly outperforms Falzon and Markatou’s approach—both in theory and in practice (Euro S&P 2026). And then the final question, can we obtain the same functionality without a judge, maybe with zero-knowledge proofs?