repo-sync-2024-05-21T20:55:08+0800 (#132)

RELEASE.md

@@ -5,6 +5,9 @@
 > - `[API]` prefix for API changes.
 > - `[Improvement]` prefix for implementation improvement.
 
+## v0.4.0.dev240521
+- [API] remove BC22 protocol
+
 ## v0.4.0.dev240517
 - [Improvement] upgrade yacl to 0.4.5b0.
 

docs/development/psi_protocol_intro.rst

@@ -6,7 +6,6 @@ SecretFlow SPU implements the following PSI protocols,
 - Semi-honest ECDH-based two-party PSI protocol [HFH99]_
 - Semi-honest ECDH-based three-party PSI protocol
 - Semi-honest OT-based two-party PSI protocol [KKRT16]_
-- Semi-honest OT-based two-party PSI protocol (with improved communication efficiency) [BC22]_
 - Differentially Private (DP) PSI Protocol [DP-PSI]_
 - Unbalanced PSI Protocol
 - Semi-honest and Malicious VOLE-based two-party PSI protocol [RS21]_ [RR22]_
@@ -120,42 +119,6 @@ We use 3-way stash-less CuckooHash proposed in [PSZ18]_.
 6. Receiver compares two BaRK-OPRFs set and obtains the intersection.
 
 
-BC22 PCG-PSI
-------------
-
-Pseudorandom Correlation Generator (PCG), is a primitive introduced in the work of Boyle et
-al. [BCG+19b]_, [BCGI18]_, [SGRR19]_, [BCG+19a]_, [CIK+20]_. The goal of PCG is to compress long sources
-of correlated randomness without violating security.
-
-Boyle et al. have designed multiple concretely efficient PCGs
-for specific correlations, such as vector oblivious linear evaluation (VOLE) or batch oblivious linear
-evaluation (BOLE). These primitives are at the heart of modern secure computation protocols with low
-communication overhead.The VOLE functionality allows a receiver to learn a secret linear combination
-of two vectors held by a sender and constructed (with sublinear communication) under variants
-of the syndrome decoding assumption.
-
-[BC22]_ uses PCG to speed up private set intersection protocols, minimizing computation and communication.
-We implement semi-honest version psi in [BC22]_ and use PCG/VOLE from [WYKW21]_ . [BC22]_ PSI protocol
-requires only 30 seconds for the case of larger sets ( :math:`2^{24}` items each) of long strings (128 bits),
-and reduces 1/3 communication than [KKRT16]_.
-
-.. figure:: ../_static/pcg_psi.png
-
-1. Sender and Receiver agree on :math:`(3,2)`-Generalized CuckooHash :math:`h_1,h_2: {\{0,1\}}^{*} \rightarrow [m]`
-
-2. Receiver inserts each x into bin :math:`h_1(x)` or :math:`h_2(x)`
-
-3. Sender inserts each y into bin :math:`h_1(y)` and :math:`h_2(y)`
-
-4. Run PCG/VOLE from [WYKW21]_, :math:`w_i = \Delta * u_i + v_i`,  Receiver gets :math:`w_i` and :math:`\Delta`,
-   Sender gets :math:`u_i` and :math:`v_i`, for each :math:`bin_i`
-
-5. Receiver sends Masked Bin Polynomial Coefficients to Sender, and receives BaRK-OPRF values
-
-6. Sender sends all BaRK-OPRF values for each :math:`{\{y_i\}}_{i=1}^{n_2}` to Receiver
-
-7. Receiver compares two BaRK-OPRFs sets and gets intersection.
-
 Differentially Private PSI
 --------------------------
 
@@ -240,7 +203,7 @@ An Oblivious Pseudorandom Function (OPRF) is a two-party protocol between client
 output of a Pseudorandom Function (PRF). [draft-irtf-cfrg-voprf-10]_ specifies OPRF, VOPRF, and POPRF protocols
 built upon prime-order groups.
 
-.. figure:: ../_static/ecdh_oprf_psi.png
+.. figure:: ../_static/ecdh_oprf_psi.jpg
 
 - Offline Phase
 
@@ -409,8 +372,6 @@ Reference
    Efficient two-round OT extension and silent non-interactive secure computation. In ACM CCS 2019,
    pages 291–308. ACM Press, November 2019.
 
-.. [BC22] Private Set Intersection from Pseudorandom Correlation Generators
-
 .. [Ber06] Daniel J. Bernstein. Curve25519: new diffie-hellman speed records. In In Public
    Key Cryptography (PKC), Springer-Verlag LNCS 3958, page 2006, 2006. (Cited on page 4.)
 

docs/reference/psi_config.md

@@ -162,7 +162,6 @@ The algorithm type of psi.
 | INVALID_PSI_TYPE | 0 | none |
 | ECDH_PSI_2PC | 1 | DDH based PSI |
 | KKRT_PSI_2PC | 2 | Efficient Batched Oblivious PRF with Applications to Private Set Intersection https://eprint.iacr.org/2016/799.pdf |
-| BC22_PSI_2PC | 3 | PSI from Pseudorandom Correlation Generators https://eprint.iacr.org/2022/334 |
 | ECDH_PSI_3PC | 4 | Multi-party PSI based on ECDH (Say A, B, C (receiver)) notice: two-party intersection cardinarlity leak (|A intersect B|) |
 | ECDH_PSI_NPC | 5 | Iterative running 2-party ecdh psi to get n-party PSI. Notice: two-party intersection leak |
 | KKRT_PSI_NPC | 6 | Iterative running 2-party kkrt psi to get n-party PSI. Notice: two-party intersection leak |

docs/user_guide/psi.rst

@@ -157,26 +157,10 @@ Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz
 |           | online  | 25.434s | 100.68s | 415.94s | 1672.21s |
 +-----------+---------+---------+---------+---------+----------+
 
-bc22 pcg-psi Benchmark
->>>>>>>>>>>>>>>>>>>>>>
-
-Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz
-
-+-----------+---------+---------+---------+----------+---------+---------+
-| bandwidth |   2^18  |   2^20  |   2^21  |   2^22   |   2^23  |   2^24  |
-+===========+=========+=========+=========+==========+=========+=========+
-|    LAN    | 1.261s  | 2.191s  | 3.503s  | 6.51s    | 13.012s | 26.71s  |
-+-----------+---------+---------+---------+----------+---------+---------+
-|  100Mbps  | 2.417s  | 6.054s  | 11.314s | 21.864s  | 43.778s | 88.29s  |
-+-----------+---------+---------+---------+----------+---------+---------+
-|   10Mbps  | 18.826s | 50.038s | 96.516s | 186.097s | 369.84s | 737.71s |
-+-----------+---------+---------+---------+----------+---------+---------+
-
 
 Security Tips
 -------------
 
-Warning:  `KKRT16 <https://eprint.iacr.org/2016/799.pdf>`_ and
-`BC22 PCG <https://eprint.iacr.org/2022/334.pdf>`_ are semi-honest PSI protocols,
+Warning:  `KKRT16 <https://eprint.iacr.org/2016/799.pdf>`_ is semi-honest PSI protocols,
 and may be attacked in malicious model.
-We recommend using KKRT16 and BC22_PCG PSI protocol as one-way PSI, i.e., one party gets the final intersection result.
+We recommend using KKRT16 PSI protocol as one-way PSI, i.e., one party gets the final intersection result.