A Comparative Study of Threshold Multiparty Private Set Intersection Protocols

Abstract

Within the field of \emph{cyber threat intelligence} (CTI), healthcare institutions are one of the most targeted organizations by cybercriminals. To mitigate future attacks on their digital infrastructures, healthcare institutions can collaborate and exchange security logs. These logs include data such as IP addresses, malware hashes, and other indicators of compromise. By identifying shared elements across different datasets, threats that are harmful to a greater number of organizations---and thus, pose a more significant risk---can be highlighted to detect common attack patterns. These attack patterns could then provide insight into understanding how cyber criminals operate on a larger scale. However, disclosing locally collected CTI could compromise a hospital's security posture and reputation since it reveals vulnerabilities or attack techniques used by hackers. Furthermore, this cyber threat data is often sensitive. That is why the threat data needs to be shared in a privacy-preserving manner. \emph{Multiparty private set intersection} (MPSI) is a solution that allows parties to find the intersection of all their sets without learning anything of the other inputs. Although, in many cases, the condition that an element be present in all sets is too restrictive. A potential threat is still worth investigating even if it only appears in a portion of sets. Therefore, we focus on \emph{threshold multiparty private set intersection} (T-MPSI). However, not all T-MPSI schemes perform equally depending on the context. Our goal is to determine what makes a T-MPSI protocol effective for application in medical CTI sharing. To do so, we analyze four state-of-the-art T-MPSI protocols in terms of security, theoretical communication and computational complexities, and practical runtime performance.