Scaling Mobile Private Contact Discovery to Billions of Users

  • Conference paper
Computer Security – ESORICS 2023 (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14344)


Abstract

Mobile contact discovery is a convenience feature of messengers such as WhatsApp or Telegram that helps users identify which of their existing contacts are registered with the service. Unfortunately, the contact discovery implementation of many popular messengers massively violates the users’ privacy, as demonstrated by Hagen et al. (NDSS ’21, ACM TOPS ’23). Unbalanced private set intersection (PSI) protocols are a promising cryptographic solution to realize mobile private contact discovery; however, state-of-the-art protocols do not scale to real-world database sizes with billions of registered users in terms of communication and/or computation overhead.

In our work, we make significant steps towards truly practical large-scale mobile private contact discovery. For this, we combine and substantially optimize the unbalanced PSI protocol of Kales et al. (USENIX Security ’19) and the private information retrieval (PIR) protocol of Kogan and Corrigan-Gibbs (USENIX Security ’21). Our resulting protocol has a total communication overhead that is sublinear in the size of the server’s user database and also has sublinear online runtimes. We optimize our protocol by introducing database partitioning and efficient scheduling of user queries. To handle realistic change rates of databases and contact lists, we propose and evaluate different possibilities for efficient updates. We implement our protocol on smartphones and measure online runtimes of less than 2 s to query up to 1 024 contacts from a database with more than two billion entries. Furthermore, we achieve a reduction in setup communication of up to a factor of \(32\times\) compared to state-of-the-art mobile private contact discovery protocols.


References

  1. Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: EUROCRYPT (2015)

  2. Ali, A., et al.: Communication-computation trade-offs in PIR. In: USENIX Security (2021)

  3. Angel, S., Chen, H., Laine, K., Setty, S.T.V.: PIR with compressed queries and amortized query processing. In: S&P (2018)

  4. Apple, Google: Exposure Notification Privacy-preserving Analytics (ENPA) White Paper (2021). https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ENPA_White_Paper.pdf

  5. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer extensions with security for malicious adversaries. In: EUROCRYPT (2015)

  6. Beimel, A., Ishai, Y., Malkin, T.: Reducing the servers computation in private information retrieval: PIR with preprocessing. In: CRYPTO (2000)

  7. Bloom, B.H.: Space/Time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)

  8. Boneh, D., Boyle, E., Corrigan-Gibbs, H., Gilboa, N., Ishai, Y.: Lightweight techniques for private heavy hitters. In: S&P (2021)

  9. Borrello, P., Kogler, A., Schwarzl, M., Lipp, M., Gruss, D., Schwarz, M.: ÆPIC leak: Architecturally leaking uninitialized data from the microarchitecture. In: USENIX Security (2022)

  10. Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: EUROCRYPT (2015)

  11. Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing: Improvements and extensions. In: CCS (2016)

  12. Bui, D., Couteau, G.: Improved private set intersection for sets with small entries. In: PKC (2023)

  13. Chen, H., Huang, Z., Laine, K., Rindal, P.: Labeled PSI from fully homomorphic encryption with malicious security. In: CCS (2018)

  14. Chen, H., Laine, K., Rindal, P.: Fast private set intersection from homomorphic encryption. In: CCS (2017)

  15. Cong, K., et al.: Labeled PSI from homomorphic encryption with reduced computation and communication. In: CCS (2021)

  16. Corrigan-Gibbs, H., Boneh, D.: Prio: private, robust, and scalable computation of aggregate statistics. In: NSDI (2017)

  17. Corrigan-Gibbs, H., Henzinger, A., Kogan, D.: Single-server private information retrieval with sublinear amortized time. In: EUROCRYPT (2022)

  18. Corrigan-Gibbs, H., Kogan, D.: Private information retrieval with sublinear online time. In: EUROCRYPT (2020)

  19. Cristofaro, E.D., Gasti, P., Tsudik, G.: Fast and private computation of cardinality of set intersection and union. In: CANS (2012)

  20. Cristofaro, E.D., Tsudik, G.: Practical private set intersection protocols with linear complexity. In: FC (2010)

  21. Cui, J., Yu, J.Z., Shinde, S., Saxena, P., Cai, Z.: SmashEx: smashing SGX enclaves using exceptions. In: CCS (2021)

  22. Davidson, A., Pestana, G., Celi, S.: FrodoPIR: simple, scalable, single-server private information retrieval. PETS (2023)

  23. Demmler, D., Rindal, P., Rosulek, M., Trieu, N.: PIR-PSI: scaling private contact discovery. PETS (2018)

  24. Eppstein, D.: Cuckoo filter: simplification and analysis. In: SWAT (2016)

  25. Facebook, Inc. (FB): First Quarter 2020 Results Conference Call (2020). https://s21.q4cdn.com/399680738/files/doc_financials/2020/q1/Q1’20-FB-Earnings-Call-Transcript.pdf

  26. Fan, B., Andersen, D.G., Kaminsky, M., Mitzenmacher, M.: Cuckoo filter: practically better than bloom. In: CoNEXT (2014)

  27. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: TCC (2005)

  28. Garimella, G., Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: Oblivious key-value stores and amplification for private set intersection. In: CRYPTO (2021)

  29. Ghosh, S.: Facebook probably has your phone number, even if you never shared it. Now it has a secret tool to let you delete it (2022). https://www.businessinsider.com/facebook-has-hidden-tool-to-delete-your-phone-number-email-2022-10

  30. Gong, T., Henry, R., Psomas, A., Kate, A.: More is merrier in collusion mitigation (2022). CoRR arXiv:2305.08846

  31. Günther, D., Heymann, M., Pinkas, B., Schneider, T.: GPU-accelerated PIR with client-independent preprocessing for large-scale applications. In: USENIX Security (2022)

  32. Hagen, C., Weinert, C., Sendner, C., Dmitrienko, A., Schneider, T.: All the numbers are US: large-scale abuse of contact discovery in mobile messengers. In: NDSS (2021)

  33. Hagen, C., Weinert, C., Sendner, C., Dmitrienko, A., Schneider, T.: Contact discovery in mobile messengers: Low-cost attacks, quantitative analyses, and efficient mitigations. TOPS (2023)

  34. Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. J. Cryptol. 23, 422–456 (2010)

  35. Heinrich, A., Hollick, M., Schneider, T., Stute, M., Weinert, C.: PrivateDrop: Practical privacy-preserving authentication for Apple AirDrop. In: USENIX Security (2021)

  36. Henry, R.: Polynomial batch codes for efficient IT-PIR. PETS (2016)

  37. Henzinger, A., Hong, M.M., Corrigan-Gibbs, H., Meiklejohn, S., Vaikuntanathan, V.: One server for the price of two: Simple and fast single-server private information retrieval. In: USENIX Security (2023)

  38. Hombashi, T.: Tcconfig (2022). https://github.com/thombashi/tcconfig

  39. Internet Security Research Group: ISRG Prio Services for Preserving Privacy in COVID-19 EN Apps (2021). https://divviup.org/blog/prio-services-for-covid-en/

  40. Internet Security Research Group: Divvi Up (2023). https://divviup.org/

  41. Ion, M., et al.: On deploying secure computing: Private intersection-sum-with-cardinality. In: EuroS&P (2020)

  42. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Batch codes and their applications. In: STOC (2004)

  43. Kales, D., Rechberger, C., Schneider, T., Senker, M., Weinert, C.: Mobile private contact discovery at scale. In: USENIX Security (2019)

  44. Keller, M., Orsini, E., Scholl, P.: Actively secure OT extension with optimal overhead. In: CRYPTO (2015)

  45. Kiss, Á., Liu, J., Schneider, T., Asokan, N., Pinkas, B.: Private set intersection for unequal set sizes with mobile applications. PETS (2017)

  46. Kogan, D., Corrigan-Gibbs, H.: Private blocklist lookups with checklist. In: USENIX Security (2021)

  47. Kolesnikov, V., Kumaresan, R., Rosulek, M., Trieu, N.: Efficient batched oblivious PRF with applications to private set intersection. In: CCS (2016)

  48. Lazzaretti, A., Papamanthou, C.: Single server PIR with sublinear amortized time and polylogarithmic bandwidth. ePrint 2022/081 (2022)

  49. Li, L., Pal, B., Ali, J., Sullivan, N., Chatterjee, R., Ristenpart, T.: Protocols for checking compromised credentials. In: SIGSAC (2019)

  50. Liu, J., Li, J., Wu, D., Ren, K.: PIRANA: Faster multi-query PIR via constant-weight codes (2022). ePrint 2022/1401

  51. Ma, Y., Zhong, K., Rabin, T., Angel, S.: Incremental Offline/Online PIR. In: USENIX Security (2022)

  52. Meadows, C.A.: A more efficient cryptographic matchmaking protocol for use in the absence of a continuously available third party. In: S&P (1986)

  53. Menon, S.J., Wu, D.J.: SPIRAL: fast, high-rate single-server PIR via FHE composition. In: S&P (2022)

  54. Mughees, M.H., Chen, H., Ren, L.: OnionPIR: response efficient single-server PIR. In: CCS (2021)

  55. Mughees, M.H., Ren, L.: Vectorized batch private information retrieval. S&P (2023)

  56. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. Journal of ACM 51(2), 231–262 (2004)

  57. Nevo, O., Trieu, N., Yanai, A.: Simple, fast malicious multiparty private set intersection. In: CCS (2021)

  58. Olson, P.: Facebook Closes $19 Billion WhatsApp Deal (2014). https://www.forbes.com/sites/parmyolson/2014/10/06/facebook-closes-19-billion-whatsapp-deal/

  59. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: CRYPTO (2008)

  60. Pinkas, B., Schneider, T., Segev, G., Zohner, M.: Phasing: Private set intersection using permutation-based hashing. In: USENIX Security (2015)

  61. Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: AC (2009)

  62. Pinkas, B., Schneider, T., Zohner, M.: Scalable private set intersection based on OT extension. TOPS (2018)

  63. Raab, M., Steger, A.: “Balls into Bins” - A simple and tight analysis. In: RANDOM (1998)

  64. Ragab, H., Milburn, A., Razavi, K., Bos, H., Giuffrida, C.: CrossTalk: Speculative data leaks across cores are real. In: S&P (2021)

  65. Raghuraman, S., Rindal, P.: Blazing fast PSI from improved OKVS and subfield VOLE. In: CCS (2022)

  66. Resende, A.C.D., Aranha, D.F.: Faster unbalanced private set intersection. In: FC (2018)

  67. Rindal, P., Schoppmann, P.: VOLE-PSI: Fast OPRF and circuit-PSI from vector-OLE. In: EUROCRYPT (2021)

  68. Shi, E., Aqeel, W., Chandrasekaran, B., Maggs, B.M.: Puncturable pseudorandom sets and private information retrieval with near-optimal online bandwidth and time. In: CRYPTO (2021)

  69. Thomas, K., et al.: Protecting accounts from credential stuffing with password breach alerting. In: USENIX Security (2019)

  70. Trieu, N., Shehata, K., Saxena, P., Shokri, R., Song, D.: Epione: lightweight contact tracing with strong privacy. IEEE Data Eng. Bull. 43(2), 95–107 (2020)

  71. Troy Hunt: Have I Been Pwned: Check if your email has been compromised in a data breach (2023). https://haveibeenpwned.com/

  72. van Schaik, S., Minkin, M., Kwong, A., Genkin, D., Yarom, Y.: CacheOut: leaking data on intel CPUs via cache evictions. In: S&P (2021)

  73. Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)

  74. Yeo, K.: Lower bounds for (batch) PIR with private preprocessing. In: EUROCRYPT (2023)

  75. Zhou, M., Lin, W.K., Tselekounis, Y., Shi, E.: Optimal single-server private information retrieval. In: EUROCRYPT (2023)

Acknowledgements

This project received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation program (grant agreement No. 850990 PSOTI). It was co-funded by the Deutsche Forschungsgemeinschaft (DFG) within SFB 1119 CROSSING/236615297 and GRK 2050 Privacy & Trust/251805230.

Author information


Corresponding author

Correspondence to Laura Hetz.


Appendix


1.1 A PIR Survey

In Table 5, we summarize our survey of recent PIR protocols with regard to their use in OPRF-based PSI, based on which we selected the OO-PIR by Kogan and Corrigan-Gibbs [46].


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Hetz, L., Schneider, T., Weinert, C. (2024). Scaling Mobile Private Contact Discovery to Billions of Users. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14344. Springer, Cham. https://doi.org/10.1007/978-3-031-50594-2_23


  • DOI: https://doi.org/10.1007/978-3-031-50594-2_23


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-50593-5

  • Online ISBN: 978-3-031-50594-2

  • eBook Packages: Computer Science (R0)
