7

I have a user A and a third party company B. I want to check if A is a customer of B.

  1. B cannot reveal any information about their customer list to me.
  2. If A is a customer of B, I do not want B to know which customer they are. They should only know True/False answer to wether they are a customer.

What sort of problem is this? I thought this might be a private set intersection problem but the definition seems to violate my second condition. Is this instead a Zero Knowledge Proof problem?

"Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection."

Toby
  • 71
  • 1

1 Answers1

4

A 1-out-of-n Oblivious Transfer protocol would fit as a solution to your problem.

Oblivious Transfer can be viewed as an improved Private information retrieval protocol, because it allows that only exactly 1 item is retrieved from the database, without sharing any additional info about the database. In addition the "sharer" of the database ($B$) doesn't learn about which item ($A$) was retrieved.

If $A$ is not a customer of $B$ then $B$ should only return information in a way to make it clear to you that $A$ indeed is not a customer and not any information more should be disclosed by $B$.

Tung Chou and Claudio Orlandi have designed a relatively easy to understand 1-out-of-n OT-protocol, appropriately named The Simplest Protocol for Oblivious Transfer. The math used for this protocol is almost the same that is also used for Diffie-Hellman key exchange.

If you really want a computationally efficient protocol, then the OT-protocol designed by Moni Naor and Benny Pinkas (Computationally Secure Oblivious Transfer) is more appropriate.

AleksanderCH
  • 6,511
  • 10
  • 31
  • 64