Consistent cross-domain access control for satellite Internet via multi-party private set union

The low Earth orbit (LEO) satellite Internet is evolving toward a cross-domain collaborative service paradigm. Each administrative domain typically relies on the consistency of local blacklists and whitelists to regulate terminal access. However, inconsistency among these access lists may be exploited by adversaries to launch practical attacks. Although reliable broadcast can synchronize these lists, both the whitelists (representing authorized identities) and blacklists (representing revoked or restricted identities) inherently reveal sensitive information. An adversary can easily infer the roaming trajectories of terminals across domains, leading to severe privacy leakage risks. To address this problem, this paper proposes a secure multi-domain black/white-list union protocol, in which each domain submits only its own identifier set, and the protocol reveals only the global union of valid identifiers without leaking the intersection or the occurrence frequency of any identifier. The proposed protocol adopts a hybrid design of symmetric and public operations, leveraging the SM2 additively homomorphic encryption scheme combined with elliptic-curve-based fast homomorphic decryption to achieve efficient and privacy-preserving black/white-list union, while remaining resilient against collusion attacks. We prove that our protocol is secure under the semi-honest model. Experimental results demonstrate that our protocol significantly outperforms state-of-the-art schemes. For instance, in a WAN setting with 8 domains, our protocol achieves approximately 1.16× to 3.32× speedup compared with existing schemes. The complete implementation of our protocol is available on GitHub at https://github.com/ShallMate/MPSU