Zengpeng Li,Chunguang Ma,Ding Wang,Gang Du

DOI: https://doi.org/10.1016/j.jisa.2016.11.003

IF: 4.96

2017-01-01

Journal of Information Security and Applications

Abstract:At FOCS2011 Brakerski and Vaikuntanathan proposed a single-server LWE-based private information retrieval (abbreviated as PIR) protocol with a security reduction to hard standard lattice problems and nearly optimal communication complexity. However, Brakerski just described a generic PIR protocol that utilized a somewhat homomorphic encryption and an arbitrary symmetric encryption as building blocks, he did not instantiate the generic construction. In this work, we first modify Brakerski's construction without the evaluating key and construct a new PIR model. Moreover, we instantiate our new model via matrix FHE first proposed by Ryo et al. at PKC2015 and vector symmetric encryption scheme proposed in this work as building block. Then we optimize the Response operations and several other aspects of the scheme.

Quang Cao,Hong Yen Tran,Son Hoang Dau,Xun Yi,Emanuele Viterbo,Chen Feng,Yu-Chih Huang,Jingge Zhu,Stanislav Kruglik,Han Mao Kiah

2023-09-25

Abstract:A private information retrieval (PIR) scheme allows a client to retrieve a data item $x_i$ among $n$ items $x_1,x_2,\ldots,x_n$ from $k$ servers, without revealing what $i$ is even when $t < k$ servers collude and try to learn $i$. Such a PIR scheme is said to be $t$-private. A PIR scheme is $v$-verifiable if the client can verify the correctness of the retrieved $x_i$ even when $v \leq k$ servers collude and try to fool the client by sending manipulated data. Most of the previous works in the literature on PIR assumed that $v < k$, leaving the case of all-colluding servers open. We propose a generic construction that combines a linear map commitment (LMC) and an arbitrary linear PIR scheme to produce a $k$-verifiable PIR scheme, termed a committed PIR scheme. Such a scheme guarantees that even in the worst scenario, when all servers are under the control of an attacker, although the privacy is unavoidably lost, the client won't be fooled into accepting an incorrect $x_i$. We demonstrate the practicality of our proposal by implementing the committed PIR schemes based on the Lai-Malavolta LMC and three well-known PIR schemes using the GMP library and blst, the current fastest C library for elliptic curve pairings.

Cryptography and Security,Databases,Information Retrieval

Shang, Shuai,Wang, Haolin,Cai, Ziwen,Zhao, Yun,Li, Xiong

DOI: https://doi.org/10.1007/s11235-024-01162-1

2024-05-29

Telecommunication Systems

Abstract:Private information retrieval, which allows users to securely retrieve information stored in a single server or multiple servers without disclosing any query content to the server, has attracted much attention in recent years. However, most of the existing private information retrieval schemes cannot achieve data retrieval and data integrity authentication simultaneously. To address the above challenges, this paper proposes a verifiable private information retrieval scheme based on parity in a single-server architecture. Specifically, the data owner generates parity information for each data and extends the original database. Then the data owner generates hint information for the query client, and according to the inverse of the hint information, the matrix confusion and permutation of the extensible database are carried out on the database and the hint information is sent to the client. The client selects the corresponding element in the hint to generate the query vector and executes the reconstruction and verification phase after receiving the answer to accomplish the retrieval process. A series of security games prove that this scheme meets the privacy requirements defined by the PIR scheme, and experimental analysis shows that compared with related schemes, our scheme has certain advantages in time cost. The time of verification information generation is 0.3% of APIR and FMAPIR, the reconstruction time is 1.6% of APIR and 1.1% of FMAPIR and the query time is much less than them.

telecommunications

Stanislav Kruglik,Son Hoang Dau,Han Mao Kiah,Huaxiong Wang,Liang Feng Zhang

DOI: https://doi.org/10.1109/tifs.2024.3453550

IF: 7.231

2024-09-20

IEEE Transactions on Information Forensics and Security

Abstract:Private Information Retrieval (PIR) protocols allow a client to retrieve any file of interest while keeping the files identity hidden from the database servers. While many existing PIR protocols assume servers to be honest but curious, we investigate the scenario of dishonest servers that provide incorrect answers to mislead clients into obtaining wrong results. We propose a unified framework for polynomial PIR protocols encompassing various existing protocols that optimize the download rate or total communication cost. We introduce a way to transform a polynomial PIR to a verifiable one without increasing the number of involved servers by doubling the queries. The security guarantees can be information-theoretic or computational, and the verification keys can be public or private. Moreover, in one of our protocols, the ratio between the additional download overhead associated with verification and the normal download cost approaches zero as the file size goes to infinity.

computer science, theory & methods,engineering, electrical & electronic

Hsuan-Yin Lin,Siddhartha Kumar,Eirik Rosnes,Alexandre Graell i Amat,Eitan Yaakobi

DOI: https://doi.org/10.48550/arXiv.2007.10174

2021-11-02

Abstract:Private information retrieval (PIR) protocols ensure that a user can download a file from a database without revealing any information on the identity of the requested file to the servers storing the database. While existing protocols strictly impose that no information is leaked on the file's identity, this work initiates the study of the tradeoffs that can be achieved by relaxing the perfect privacy requirement. We refer to such protocols as weakly-private information retrieval (WPIR) protocols. In particular, for the case of multiple noncolluding replicated servers, we study how the download rate, the upload cost, and the access complexity can be improved when relaxing the full privacy constraint. To quantify the information leakage on the requested file's identity we consider mutual information (MI), worst-case information leakage, and maximal leakage (MaxL). We present two WPIR schemes, denoted by Scheme A and Scheme B, based on two recent PIR protocols and show that the download rate of the former can be optimized by solving a convex optimization problem. We also show that Scheme A achieves an improved download rate compared to the recently proposed scheme by Samy et al. under the so-called $\epsilon$-privacy metric. Additionally, a family of schemes based on partitioning is presented. Moreover, we provide an information-theoretic converse bound for the maximum possible download rate for the MI and MaxL privacy metrics under a practical restriction on the alphabet size of queries and answers. For two servers and two files, the bound is tight under the MaxL metric, which settles the WPIR capacity in this particular case. Finally, we compare the performance of the proposed schemes and their gap to the converse bound.

Information Theory

Wenyuan Zhao,Yu Shin Huang,Ruida Zhou,Chao Tian

2024-02-28

Abstract:We study the problem of weakly private information retrieval (PIR) when there is heterogeneity in servers' trustfulness under the maximal leakage (Max-L) metric and mutual information (MI) metric. A user wishes to retrieve a desired message from N non-colluding servers efficiently, such that the identity of the desired message is not leaked in a significant manner; however, some servers can be more trustworthy than others. We propose a code construction for this setting and optimize the probability distribution for this construction. For the Max-L metric, it is shown that the optimal probability allocation for the proposed scheme essentially separates the delivery patterns into two parts: a completely private part that has the same download overhead as the capacity-achieving PIR code, and a non-private part that allows complete privacy leakage but has no download overhead by downloading only from the most trustful server. The optimal solution is established through a sophisticated analysis of the underlying convex optimization problem, and a reduction between the homogeneous setting and the heterogeneous setting. For the MI metric, the homogeneous case is studied first for which the code can be optimized with an explicit probability assignment, while a closed-form solution becomes intractable for the heterogeneous case. Numerical results are provided for both cases to corroborate the theoretical analysis.

Information Theory

Cheng Huang 0001,Anjia Yang,Dongxiao Liu,Rongxing Lu,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/iccc57788.2023.10233605

2023-01-01

Abstract:In this paper, we propose a high-throughput, logarithmic-bandwidth private information retrieval (PIR) scheme, which enables a client to securely retrieve any record from a database replicated on two remote servers without revealing the record index. Specifically, based on the puncturable pseudorandom function (PPRF), a client first leverages randomized mapping to locate a logarithmic-size punctured PRF key capable of replacing a randomized set of arbitrary size while concealing a chosen element within the set. With the key, the client then generates corresponding PIR queries for two servers, achieving logarithmic communication complexity. Upon receiving the queries, the servers independently perform level-I PPRF evaluations on partitioned databases, i.e., buckets, to obtain intermediate results, and cooperatively perform level-II PPRF evaluations on these results to provide fast PIR responses. The two-level recursive approach can significantly reduce the servers’ computational complexity from linear to sublinear, ensuring high throughput. Finally, we conduct a comprehensive security analysis and develop a proof-of-concept prototype to demonstrate the efficiency and security of the proposed PIR scheme.

QI Kun,HUANG Liu-sheng,LUO Yong-long,JING Wei-wei

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.07.007

2007-01-01

Abstract:The Private Information Retrieval protocol(PIR) is an important secure multi-party computation protocol.In PIR,a user can perform a query from a database without revealing his private information;meanwhile the privacy of the database will be protected,too.This paper proposes a new scheme in which we apply cryptographic technology on the auxiliary random servers protocol to solve the problem of PIR.This scheme is efficient in computational complexity and doesn't increase the cost of communication.It is very practical and can retrieve a block of bits.Detailed analysis of security,computational complexity and communicational complexity to the scheme is also given in this paper.

Xun Yi,M. G. Kaosar,R. Paulet,E. Bertino,Mohammed Golam Kaosar,Russell Paulet,Elisa Bertino

DOI: https://doi.org/10.1109/tkde.2012.90

IF: 9.235

2013-05-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Private Information Retrieval (PIR) allows a user to retrieve the ith bit of an n-bit database without revealing to the database server the value of i. In this paper, we present a PIR protocol with the communication complexity of O(γ logn) bits, where -y is the ciphertext size. Furthermore, we extend the PIR protocol to a private block retrieval (PBR) protocol, a natural and more practical extension of PIR in which the user retrieves a block of bits, instead of retrieving single bit. Our protocols are built on the state-of-the-art fully homomorphic encryption (FHE) techniques and provide privacy for the user if the underlying FHE scheme is semantically secure. The total communication complexity of our PBR is O(γ logm + γn/m) bits, where m is the number of blocks. The total computation complexity of our PBR is O(m logm) modular multiplications plus O(n=2) modular additions. In terms of total protocol execution time, our PBR protocol is more efficient than existing PBR protocols which usually require to compute O(n=2) modular multiplications when the size of a block in the database is large and a high-speed network is available.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Julien Lavauzelle

DOI: https://doi.org/10.1109/tit.2018.2861747

IF: 2.5

2019-02-01

IEEE Transactions on Information Theory

Abstract:Private information retrieval (PIR) protocols allow a user to retrieve entries of a database without revealing the index of the desired item. Information-theoretical privacy can be achieved by the use of several servers and specific retrieval algorithms. Most known PIR protocols focus on decreasing the number of bits exchanged between the client and the server(s) during the retrieval process. On another side, Fazeli et al. introduced so-called PIR codes in order to reduce the storage overhead on the servers. However, few works address the issue of the computation complexity of the servers. In this paper, we show that a specific encoding of the database yields PIR protocols with reasonable communication complexity, low storage overhead, and optimal computational complexity for the servers. This encoding is based on incidence matrices of transversal designs, from which a natural and efficient recovering algorithm is derived. We also present several instances for our construction, which make use of finite geometries and orthogonal arrays. We finally give a generalization of our main construction in order to resist collusions of servers.

Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-13708-2_26

2010-01-01

Abstract:Assume that a client outsources his database to a remote storage-provider (the server), so that for privacy reasons, the client's database is encrypted by his secret key. During a PIR-writing protocol, the client updates one element of the encrypted database without revealing to the semi-honest server which element was updated and, of course, to which value. The best previous PIR-writing protocols had square-root communication complexity. In this paper, we propose two new PIR-writing protocols. The first one can be based on (say) the Damgard-Jurik additively homomorphic public-key cryptosystem, and it has (amortized) polylogarithmic communication for a limited number of updates. The second one is based on a fully-homomorphic public-key cryptosystem, a much stronger primitive, but it achieves optimal logarithmic communication.

Hsuan-Yin Lin,Siddhartha Kumar,Eirik Rosnes,Alexandre Graell i Amat,Eitan Yaakobi

DOI: https://doi.org/10.48550/arXiv.2001.08727

2021-01-30

Abstract:A private information retrieval (PIR) protocol guarantees that a user can privately retrieve files stored in a database without revealing any information about the identity of the requested file. Existing information-theoretic PIR protocols ensure perfect privacy, i.e., zero information leakage to the servers storing the database, but at the cost of high download. In this work, we present weakly-private information retrieval (WPIR) schemes that trade off perfect privacy to improve the download cost when the database is stored on a single server. We study the tradeoff between the download cost and information leakage in terms of mutual information (MI) and maximal leakage (MaxL) privacy metrics. By relating the WPIR problem to rate-distortion theory, the download-leakage function, which is defined as the minimum required download cost of all single-server WPIR schemes for a given level of information leakage and a fixed file size, is introduced. By characterizing the download-leakage function for the MI and MaxL metrics, the capacity of single-server WPIR is fully described.

Information Theory

Arman Fazeli,Alexander Vardy,Eitan Yaakobi

DOI: https://doi.org/10.48550/arXiv.1505.06241

2015-05-23

Abstract:Private information retrieval (PIR) protocols allow a user to retrieve a data item from a database without revealing any information about the identity of the item being retrieved. Specifically, in information-theoretic $k$-server PIR, the database is replicated among $k$ non-communicating servers, and each server learns nothing about the item retrieved by the user. The cost of PIR protocols is usually measured in terms of their communication complexity, which is the total number of bits exchanged between the user and the servers, and storage overhead, which is the ratio between the total number of bits stored on all the servers and the number of bits in the database. Since single-server information-theoretic PIR is impossible, the storage overhead of all existing PIR protocols is at least $2$. In this work, we show that information-theoretic PIR can be achieved with storage overhead arbitrarily close to the optimal value of $1$, without sacrificing the communication complexity. Specifically, we prove that all known $k$-server PIR protocols can be efficiently emulated, while preserving both privacy and communication complexity but significantly reducing the storage overhead. To this end, we distribute the $n$ bits of the database among $s+r$ servers, each storing $n/s$ coded bits (rather than replicas). For every fixed $k$, the resulting storage overhead $(s+r)/s$ approaches $1$ as $s$ grows; explicitly we have $r\le k\sqrt{s}(1+o(1))$. Moreover, in the special case $k = 2$, the storage overhead is only $1 + \frac{1}{s}$. In order to achieve these results, we introduce and study a new kind of binary linear codes, called here $k$-server PIR codes. We then show how such codes can be constructed, and we establish several bounds on the parameters of $k$-server PIR codes. Finally, we briefly discuss extensions of our results to nonbinary alphabets, to robust PIR, and to $t$-private PIR.

Information Theory

Umberto Martínez-Peñas

2024-03-19

Abstract:We consider information-theoretical private information retrieval (PIR) from a coded database with colluding servers. We target, for the first time, locally repairable storage codes (LRCs). We consider any number of local groups $ g $, locality $ r $, local distance $ \delta $ and dimension $ k $. Our main contribution is a PIR scheme for maximally recoverable (MR) LRCs based on linearized Reed--Solomon codes, which achieve the smallest field sizes among MR-LRCs for many parameter regimes. In our scheme, nodes are identified with codeword symbols and servers are identified with local groups of nodes. Only locally non-redundant information is downloaded from each server, that is, only $ r $ nodes (out of $ r+\delta-1 $) are downloaded per server. The PIR scheme achieves the (download) rate $ R = (N - k - rt + 1)/N $, where $ N = gr $ is the length of the MDS code obtained after removing the local parities, and for any $ t $ colluding servers such that $ k + rt \leq N $. For an unbounded number of stored files, the obtained rate is strictly larger than those of known PIR schemes that work for any MDS code. Finally, the obtained PIR scheme can also be adapted when communication between the user and each server is performed via linear network coding, achieving the same rate as previous PIR schemes for this scenario but with polynomial finite field sizes, instead of exponential. Our rates are equal to those of PIR schemes for Reed--Solomon codes, but Reed--Solomon codes are incompatible with the MR-LRC property or linear network coding, thus our PIR scheme is less restrictive in its applications.

Information Theory

Chengyuan Qian,Ruida Zhou,Chao Tian,Tie Liu

DOI: https://doi.org/10.48550/arXiv.2205.01611

2022-05-04

Abstract:We study the problem of weakly private information retrieval (W-PIR), where a user wishes to retrieve a desired message from $N$ non-colluding servers in a way that the privacy leakage regarding the desired message's identity is less than or equal to a threshold. We propose a new code construction which significantly improves upon the best known result in the literature, based on the following critical observation. In previous constructions, for the extreme case of minimum download, the retrieval pattern is to download the message directly from $N-1$ servers; however this causes leakage to all these $N-1$ servers, and a better retrieval pattern for this extreme case is to download the message directly from a single server. The proposed code construction allows a natural transition to such a pattern, and for both the maximal leakage metric and the mutual information leakage metric, significant improvements can be obtained. We provide explicit solutions, in contrast to a previous work by Lin et al., where only numerical solutions were obtained.

Information Theory

Lingfei Jin,Haibin Kan,Yuan Luo,Wenqing Zhang

DOI: https://doi.org/10.1109/tit.2022.3144034

IF: 2.5

2022-01-01

IEEE Transactions on Information Theory

Abstract:Locally Repairable codes (LRCs) have gained significant interest due to applications in distributed storage systems since they enable systems to recover a failed node by accessing few other active nodes. In particular, LRCs with large availability are highly desirable for parallel reading of hot data. In addition to the above applications in distributed storage systems, it was shown by Fazeli et al. that an LRC with large availability can produce a good private information retrieval (PIR) code which allows to reduce the storage overhead of a PIR protocol. Roughly speaking, one can obtain a good PIR code as long as there exists an LRC with large availability. One of the main tasks in studying PIR codes is to design a $t$ -server PIR code with small length for the given dimension. In particular, the construction of binary PIR codes is of great interest. In this paper, we consider a construction of binary LRCs from polynomial evaluations. As a result, a new class of binary LRCs with large availability are obtained. Applying such LRCs to PIR codes, we obtain a new class of binary PIR codes. On one hand, the binary LRCs constructed are new in the sense that the parameter regime is not covered by the known LRCs. On the other hand, the parameters of PIR codes derived from our LRCs outperform the known results in certain parameter regimes and achieve the lower bound given by Fazeli et al. up to an absolute constant.

Raphael R. Toledo,George Danezis,Ian Goldberg

DOI: https://doi.org/10.48550/arXiv.1604.00223

2016-04-01

Abstract:Private Information Retrieval (PIR), despite being well studied, is computationally costly and arduous to scale. We explore lower-cost relaxations of information-theoretic PIR, based on dummy queries, sparse vectors, and compositions with an anonymity system. We prove the security of each scheme using a flexible differentially private definition for private queries that can capture notions of imperfect privacy. We show that basic schemes are weak, but some of them can be made arbitrarily safe by composing them with large anonymity systems.

Information Retrieval,Cryptography and Security

Yiwei Zhang,Xin Wang,Hengjia Wei,Gennian Ge

DOI: https://doi.org/10.48550/arXiv.1609.09167

2016-09-29

Abstract:Given a database, the private information retrieval (PIR) protocol allows a user to make queries to several servers and retrieve a certain item of the database via the feedbacks, without revealing the privacy of the specific item to any single server. Classical models of PIR protocols require that each server stores a whole copy of the database. Recently new PIR models are proposed with coding techniques arising from distributed storage system. In these new models each server only stores a fraction $1/s$ of the whole database, where $s>1$ is a given rational number. PIR array codes are recently proposed by Fazeli, Vardy and Yaakobi to characterize the new models. Consider a PIR array code with $m$ servers and the $k$-PIR property (which indicates that these $m$ servers may emulate any efficient $k$-PIR protocol). The central problem is to design PIR array codes with optimal rate $k/m$. Our contribution to this problem is three-fold. First, for the case $1<s\le 2$, although PIR array codes with optimal rate have been constructed recently by Blackburn and Etzion, the number of servers in their construction is impractically large. We determine the minimum number of servers admitting the existence of a PIR array code with optimal rate for a certain range of parameters. Second, for the case $s>2$, we derive a new upper bound on the rate of a PIR array code. Finally, for the case $s>2$, we analyze a new construction by Blackburn and Etzion and show that its rate is better than all the other existing constructions.

Information Theory

Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-16342-5_12

2010-01-01

Abstract:In a selective private function evaluation (SPFE) protocol, the client privately computes some predefined function on his own input and on m out of server's n database elements. We propose two new generalized SPFE protocols that are based on the new cryptocomputing protocol by Ishai and Paskin and an efficient CPIR. The first protocol works only for constant values of m,, but has 2 messages, and is most efficient when m = 1. The second SPFE protocol works for any m, has 4 messages, and is efficient for a large class of functionalities. We then propose an efficient protocol for private similarity test, where one can compute how similar client's input is to a specific element in server's database, without revealing any information to the server. The latter protocol has applications in biometric authentication.

Yiwei Zhang,Gennian Ge

DOI: https://doi.org/10.48550/arXiv.1705.03186

2017-10-11

Abstract:Private information retrieval (PIR) gets renewed attentions due to its information-theoretic reformulation and its application in distributed storage system (DSS). The general PIR model considers a coded database containing $N$ servers storing $M$ files. Each file is stored independently via the same arbitrary $(N,K)$-MDS code. A user wants to retrieve a specific file from the database privately against an arbitrary set of $T$ colluding servers. A key problem is to analyze the PIR capacity, defined as the maximal number of bits privately retrieved per one downloaded bit. Several extensions for the general model appear by bringing in various additional constraints. In this paper, we propose a general PIR scheme for several variant PIR models including: PIR with robust servers, PIR with Byzantine servers, the multi-file PIR model and PIR with arbitrary collusion patterns.

Information Theory