Review the Cuckoo Hash-Based Unbalanced Private Set Union: Leakage, Fix, and Optimization

A Private Set Union (PSU) protocol involves two participants-the sender and receiver-computing the union of their privately held sets, X and Y, and outputs the result to the receiver. PSU protocols are categorized into balanced (vertical bar X vertical bar approximate to vertical bar Y vertical bar) and unbalanced (vertical bar X vertical bar << vertical bar Y vertical bar or vertical bar X vertical bar >> vertical bar Y vertical bar) settings. Tu et al. (CCS 2023) developed the first efficient unbalanced PSU (vertical bar X vertical bar << vertical bar Y vertical bar) protocol using cuckoo hashing and a novel permuted Reversed Private Membership Test. In this paper, we reassess Tu et al.'s protocol and present a statistical and computational leakage attack targeting their Hash + RPMT framework. We estimate the lower bound of our attack's success probability and highlight how Tu's parameter choices lead to leaks. To counter these vulnerabilities, we offer two mitigation strategies with different trade-offs. Finally, we optimize the p-RPMT protocol by introducing a new shuffled-PMT (s-PMT), which eliminates one permutation round at no extra cost.