“…Though several such protocols exist (e.g., [25], [26], [27], [28]), we develop a new one here with an interaction pattern and threat model that is better suited for our framework. In particular, existing protocols require special hardware [27] or more rounds of interaction [25], [26], or leak more information in our threat model [25], [26], [28] than the one we present. Our protocol is built on principles similar to a set-intersection cardinality protocol due to Egert et al [29,Section 4.4], though we (i) reduce the information it conveys to only the results of a membership test, versus the cardinality of a set intersection, and (ii) analyze its privacy properties in the face of malicious behavior by a requester or responder (versus only an honest-but-curious participant in their work), accounting for leakage intrinsic in the application for which we use it here.…”