This package implements the DH-MPPJ protocol, as proposed in the paper "Multi-party Private Joins" by by Anja Lehmann, Christian Mouchet and Andrey Sidorenko, PETS 2026. It implement this protocol over the P-256 elliptic curve.
A multi-party private join (MPPJ) protocol enables multiple source parties to provide a receiver party with the inner joins over their respective datasets, while revealing as little information as possible. In particular, the identifiers (primary keys in database terms), as well as any data not in the inner join should not be disclosed to the receiver. Our protocol additionally assumes a semi-honest helper party. See the illustration below for a simple example with three data sources.
For each party, this package provides an implementation as a type: mppj.Source,
mppj.Helper and mppj.Receiver. Each type can be instantiated from public parameters
and provide the main cryptographic operations as public methods.
The protocol has two rounds, so each type has one main method which correspond to its local operation in the protocol:
mppj.Source.Prepareencrypts a single source's data towards the receiver's public key. The data is to be sent to the Helper.mppj.Helper.Converttakes as input all the sources' encrypted data tables, and computes an encrypted joined table, which is to be sent to the Receiver.mppj.Receiver.JoinTablesdecrypts the joined tables and extracts the join.
Each operation has a channel-based counterpart which enables each party to process the tables in a streaming fashion. The streamed and the non-streamed methods enable processing over multiple cores via a parameterizable number of goroutines.
See the examples/minimal/main.go file for a minimal working
program demonstrating the use of the types. The documentation is hosted at
pkg.go.dev.
party_datasource.go: the source-related operations.party_helper.go: the helper-related operations.party_receiver.go: the receiver-related operations.group.goa group abstraction for ElGamal.encryption.gothe PKE / SE functionalityprf.gothe Hash-DH OPRF (for use with ElGamal PKE)table.gosome basic types (plaintext table, joined table) and functions for tablesmppj_test.gosome end-to-end tests.benchmark_test.gosome micro-benchmarks for individual operations.apia gRPC-based service for the helper (server) and source/receiver (clients).examplesexample uses of the package in conjunction with different data formats.
- The number of sources is limited to 256, as the origin table is encoded in a single byte.
- The table values are also assumed to be smaller than 30 bytes, to enable reversible encoding to a single group element
- The large-values extension proposed of the paper is not yet implemented.
- The parties can send any number of rows and the implementation does not add any dummy value to pad to a given number.
This repository contains a prototype implementation of the MPPJ protocol. This is for academic research purposes and should not be considered production-ready. Notably, the code was not externally audited and includes several non-constant-time algorithms.