🤖 AI Summary
This work addresses the accumulation of reliability errors in fuzzy labeled private set intersection (FLPSI) caused by per-record trial-and-error matching. To resolve this, the authors propose CSTPSI, a matching kernel that integrates hierarchical BFV homomorphic encryption, garbled circuits, and secret sharing to efficiently and securely determine—over encrypted data—whether a query and database records meet a similarity threshold and to return labels without leakage. By decoupling matching into independent token rounds, the scheme converts per-attempt error rates into overall compositional security, thereby eliminating residual statistical errors (RSE) that otherwise grow with database size. Experiments demonstrate zero RSE at million-scale datasets, over 20× speedup and 93% lower communication overhead at small-to-medium scales, and engineering-grade reliability (10⁻⁶ failure probability) in billion-scale settings within just three token rounds.
📝 Abstract
Fuzzy Labeled Private Set Intersection (FLPSI) lets a receiver learn the labels of enrolled records similar to its query, and nothing else. Constructions based on a set-threshold reduction reach practical performance: a query matches a record when the two agree on a threshold number of components, and the private matching is delegated to an inner set-threshold kernel. We study its homomorphic form, which combines leveled-BFV homomorphic encryption (HE), a garbled circuit, and secret sharing to decide the match under encryption and release the record's label. We identify a composition gap in this kernel: efficiency is bought with a per-trial false-accept probability, but one query runs a trial for every record, so the error compounds with the database size into the kernel's realization soundness error (RSE), the rate at which it accepts a query the plaintext matcher would reject. The RSE is a reliability property of the cryptographic matching layer, not the matcher's accuracy, and a sound kernel must contribute zero or negligible RSE of its own. We formalize this as a composable security property, give a closed-form bound on the receiver's advantage, and close the gap with CSTPSI, a kernel that runs independent token rounds and raises the per-trial bound to a matching power. We prove CSTPSI secure in the semi-honest model. The bound sets the round count: two token rounds suffice for million-scale databases and three for billion-scale at the $10^{-6}$ engineering threshold. Our evaluation confirms this: at a million records the baseline kernel's RSE reaches 100% while CSTPSI holds it at 0 in every measured configuration. For large labels at small to moderate scale CSTPSI is more than 20x faster than the baseline, with up to 93% less communication, converging to the baseline only at million-scale. Our implementation, with a one-command reproducibility harness, is publicly available.