QI Kun,HUANG Liu-sheng,LUO Yong-long,JING Wei-wei

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.07.007

2007-01-01

Abstract:The Private Information Retrieval protocol(PIR) is an important secure multi-party computation protocol.In PIR,a user can perform a query from a database without revealing his private information;meanwhile the privacy of the database will be protected,too.This paper proposes a new scheme in which we apply cryptographic technology on the auxiliary random servers protocol to solve the problem of PIR.This scheme is efficient in computational complexity and doesn't increase the cost of communication.It is very practical and can retrieve a block of bits.Detailed analysis of security,computational complexity and communicational complexity to the scheme is also given in this paper.

Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-13708-2_26

2010-01-01

Abstract:Assume that a client outsources his database to a remote storage-provider (the server), so that for privacy reasons, the client's database is encrypted by his secret key. During a PIR-writing protocol, the client updates one element of the encrypted database without revealing to the semi-honest server which element was updated and, of course, to which value. The best previous PIR-writing protocols had square-root communication complexity. In this paper, we propose two new PIR-writing protocols. The first one can be based on (say) the Damgard-Jurik additively homomorphic public-key cryptosystem, and it has (amortized) polylogarithmic communication for a limited number of updates. The second one is based on a fully-homomorphic public-key cryptosystem, a much stronger primitive, but it achieves optimal logarithmic communication.

Julien Lavauzelle

DOI: https://doi.org/10.1109/tit.2018.2861747

IF: 2.5

2019-02-01

IEEE Transactions on Information Theory

Abstract:Private information retrieval (PIR) protocols allow a user to retrieve entries of a database without revealing the index of the desired item. Information-theoretical privacy can be achieved by the use of several servers and specific retrieval algorithms. Most known PIR protocols focus on decreasing the number of bits exchanged between the client and the server(s) during the retrieval process. On another side, Fazeli et al. introduced so-called PIR codes in order to reduce the storage overhead on the servers. However, few works address the issue of the computation complexity of the servers. In this paper, we show that a specific encoding of the database yields PIR protocols with reasonable communication complexity, low storage overhead, and optimal computational complexity for the servers. This encoding is based on incidence matrices of transversal designs, from which a natural and efficient recovering algorithm is derived. We also present several instances for our construction, which make use of finite geometries and orthogonal arrays. We finally give a generalization of our main construction in order to resist collusions of servers.

Cheng Huang 0001,Anjia Yang,Dongxiao Liu,Rongxing Lu,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/iccc57788.2023.10233605

2023-01-01

Abstract:In this paper, we propose a high-throughput, logarithmic-bandwidth private information retrieval (PIR) scheme, which enables a client to securely retrieve any record from a database replicated on two remote servers without revealing the record index. Specifically, based on the puncturable pseudorandom function (PPRF), a client first leverages randomized mapping to locate a logarithmic-size punctured PRF key capable of replacing a randomized set of arbitrary size while concealing a chosen element within the set. With the key, the client then generates corresponding PIR queries for two servers, achieving logarithmic communication complexity. Upon receiving the queries, the servers independently perform level-I PPRF evaluations on partitioned databases, i.e., buckets, to obtain intermediate results, and cooperatively perform level-II PPRF evaluations on these results to provide fast PIR responses. The two-level recursive approach can significantly reduce the servers’ computational complexity from linear to sublinear, ensuring high throughput. Finally, we conduct a comprehensive security analysis and develop a proof-of-concept prototype to demonstrate the efficiency and security of the proposed PIR scheme.

Zengpeng Li,Chunguang Ma,Ding Wang,Gang Du

DOI: https://doi.org/10.1016/j.jisa.2016.11.003

IF: 4.96

2017-01-01

Journal of Information Security and Applications

Abstract:At FOCS2011 Brakerski and Vaikuntanathan proposed a single-server LWE-based private information retrieval (abbreviated as PIR) protocol with a security reduction to hard standard lattice problems and nearly optimal communication complexity. However, Brakerski just described a generic PIR protocol that utilized a somewhat homomorphic encryption and an arbitrary symmetric encryption as building blocks, he did not instantiate the generic construction. In this work, we first modify Brakerski's construction without the evaluating key and construct a new PIR model. Moreover, we instantiate our new model via matrix FHE first proposed by Ryo et al. at PKC2015 and vector symmetric encryption scheme proposed in this work as building block. Then we optimize the Response operations and several other aspects of the scheme.

Quang Cao,Hong Yen Tran,Son Hoang Dau,Xun Yi,Emanuele Viterbo,Chen Feng,Yu-Chih Huang,Jingge Zhu,Stanislav Kruglik,Han Mao Kiah

2023-09-25

Abstract:A private information retrieval (PIR) scheme allows a client to retrieve a data item $x_i$ among $n$ items $x_1,x_2,\ldots,x_n$ from $k$ servers, without revealing what $i$ is even when $t < k$ servers collude and try to learn $i$. Such a PIR scheme is said to be $t$-private. A PIR scheme is $v$-verifiable if the client can verify the correctness of the retrieved $x_i$ even when $v \leq k$ servers collude and try to fool the client by sending manipulated data. Most of the previous works in the literature on PIR assumed that $v < k$, leaving the case of all-colluding servers open. We propose a generic construction that combines a linear map commitment (LMC) and an arbitrary linear PIR scheme to produce a $k$-verifiable PIR scheme, termed a committed PIR scheme. Such a scheme guarantees that even in the worst scenario, when all servers are under the control of an attacker, although the privacy is unavoidably lost, the client won't be fooled into accepting an incorrect $x_i$. We demonstrate the practicality of our proposal by implementing the committed PIR schemes based on the Lai-Malavolta LMC and three well-known PIR schemes using the GMP library and blst, the current fastest C library for elliptic curve pairings.

Cryptography and Security,Databases,Information Retrieval

Syed Mahbub Hafiz,Chitrabhanu Gupta,Warren Wnuck,Brijesh Vora,Chen-Nee Chuah

2024-03-20

Abstract:Private information retrieval (PIR), a privacy-preserving cryptographic tool, solves a simplified version of this problem by hiding the database item that a client accesses. Most PIR protocols require the client to know the exact row index of the intended database item, which cannot support the complicated aggregation-based statistical query in a similar setting. Some works in the PIR space contain keyword searching and SQL-like queries, but most need multiple interactions between the PIR client and PIR servers. Some schemes support searching SQL-like expressive queries in a single round but fail to enable aggregate queries. These schemes are the main focus of this paper. To bridge the gap, we have built a general-purpose novel information-theoretic PIR (IT-PIR) framework that permits a user to fetch the aggregated result, hiding all sensitive sections of the complex query from the hosting PIR server in a single round of interaction. In other words, the server will not know which records contribute to the aggregation. We then evaluate the feasibility of our protocol for both benchmarking and real-world application settings. For instance, in a complex aggregate query to the Twitter microblogging database of 1 million tweets, our protocol takes 0.014 seconds for a PIR server to generate the result when the user is interested in one of 3K user handles. In contrast, for a much-simplified task, not an aggregate but a positional query, Goldberg's regular IT-PIR (Oakland 2007) takes 1.13 seconds. For all possible user handles, 300K, it takes equal time compared to the regular IT-PIR. This example shows that complicated aggregate queries through our framework do not incur additional overhead if not less, compared to the conventional query.

Computer Science

Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-16342-5_12

2010-01-01

Abstract:In a selective private function evaluation (SPFE) protocol, the client privately computes some predefined function on his own input and on m out of server's n database elements. We propose two new generalized SPFE protocols that are based on the new cryptocomputing protocol by Ishai and Paskin and an efficient CPIR. The first protocol works only for constant values of m,, but has 2 messages, and is most efficient when m = 1. The second SPFE protocol works for any m, has 4 messages, and is efficient for a large class of functionalities. We then propose an efficient protocol for private similarity test, where one can compute how similar client's input is to a specific element in server's database, without revealing any information to the server. The latter protocol has applications in biometric authentication.

Shang, Shuai,Wang, Haolin,Cai, Ziwen,Zhao, Yun,Li, Xiong

DOI: https://doi.org/10.1007/s11235-024-01162-1

2024-05-29

Telecommunication Systems

Abstract:Private information retrieval, which allows users to securely retrieve information stored in a single server or multiple servers without disclosing any query content to the server, has attracted much attention in recent years. However, most of the existing private information retrieval schemes cannot achieve data retrieval and data integrity authentication simultaneously. To address the above challenges, this paper proposes a verifiable private information retrieval scheme based on parity in a single-server architecture. Specifically, the data owner generates parity information for each data and extends the original database. Then the data owner generates hint information for the query client, and according to the inverse of the hint information, the matrix confusion and permutation of the extensible database are carried out on the database and the hint information is sent to the client. The client selects the corresponding element in the hint to generate the query vector and executes the reconstruction and verification phase after receiving the answer to accomplish the retrieval process. A series of security games prove that this scheme meets the privacy requirements defined by the PIR scheme, and experimental analysis shows that compared with related schemes, our scheme has certain advantages in time cost. The time of verification information generation is 0.3% of APIR and FMAPIR, the reconstruction time is 1.6% of APIR and 1.1% of FMAPIR and the query time is much less than them.

telecommunications

Liang Zhao,Xingfeng Wang,Xinyi Huang

DOI: https://doi.org/10.1016/j.ins.2020.08.071

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>Private Information Retrieval (PIR) allows a client to privately retrieve some data from a public database. There exist two types of PIR: (computational) Single-server PIR (SPIR) and (information-theoretic) multi-server PIR. In this paper, we focus on exploring SPIR. We first propose a simple and efficient additively-homomorphic encryption scheme of which privacy is based on the learning with binary errors assumption that is known as an interesting candidate for practical lattice-based cryptography. Then, according to our proposed homomorphic encryption scheme, we give a Verifiable (single/multi-bit) SPIR (VSPIR) scheme for the single-query case under the malicious server model. To the best of our knowledge, our proposal is the first practical non-interactive VSPIR scheme employing an efficient probabilistic proof that can discover the forged result with overwhelming probability. The corresponding communication complexity and computational complexity are comparable with those of some typical SPIR schemes. Moreover, we extend our single-query VSPIR scheme to construct a non-interactive multi-query solution. In particular, the corresponding communication complexity and computational complexity are the same as those of the single-query scheme. Finally, we provide detailed implementation results to confirm efficiency of our proposals.</p>

computer science, information systems

Raphael R. Toledo,George Danezis,Ian Goldberg

DOI: https://doi.org/10.48550/arXiv.1604.00223

2016-04-01

Abstract:Private Information Retrieval (PIR), despite being well studied, is computationally costly and arduous to scale. We explore lower-cost relaxations of information-theoretic PIR, based on dummy queries, sparse vectors, and compositions with an anonymity system. We prove the security of each scheme using a flexible differentially private definition for private queries that can capture notions of imperfect privacy. We show that basic schemes are weak, but some of them can be made arbitrarily safe by composing them with large anonymity systems.

Information Retrieval,Cryptography and Security

Hsuan-Yin Lin,Siddhartha Kumar,Eirik Rosnes,Alexandre Graell i Amat,Eitan Yaakobi

DOI: https://doi.org/10.48550/arXiv.2007.10174

2021-11-02

Abstract:Private information retrieval (PIR) protocols ensure that a user can download a file from a database without revealing any information on the identity of the requested file to the servers storing the database. While existing protocols strictly impose that no information is leaked on the file's identity, this work initiates the study of the tradeoffs that can be achieved by relaxing the perfect privacy requirement. We refer to such protocols as weakly-private information retrieval (WPIR) protocols. In particular, for the case of multiple noncolluding replicated servers, we study how the download rate, the upload cost, and the access complexity can be improved when relaxing the full privacy constraint. To quantify the information leakage on the requested file's identity we consider mutual information (MI), worst-case information leakage, and maximal leakage (MaxL). We present two WPIR schemes, denoted by Scheme A and Scheme B, based on two recent PIR protocols and show that the download rate of the former can be optimized by solving a convex optimization problem. We also show that Scheme A achieves an improved download rate compared to the recently proposed scheme by Samy et al. under the so-called $\epsilon$-privacy metric. Additionally, a family of schemes based on partitioning is presented. Moreover, we provide an information-theoretic converse bound for the maximum possible download rate for the MI and MaxL privacy metrics under a practical restriction on the alphabet size of queries and answers. For two servers and two files, the bound is tight under the MaxL metric, which settles the WPIR capacity in this particular case. Finally, we compare the performance of the proposed schemes and their gap to the converse bound.

Information Theory

Ali Gholami,Kai Wan,Tayyebeh Jahani-Nezhad,Hua Sun,Mingyue Ji,Giuseppe Caire

2024-08-23

Abstract:In a typical formulation of the private information retrieval (PIR) problem, a single user wishes to retrieve one out of $ K$ files from $N$ servers without revealing the demanded file index to any server. This paper formulates an extended model of PIR, referred to as multi-message private computation (MM-PC), where instead of retrieving a single file, the user wishes to retrieve $P>1$ linear combinations of files while preserving the privacy of the demand information. The MM-PC problem is a generalization of the private computation (PC) problem (where the user requests one linear combination of the files), and the multi-message private information retrieval (MM-PIR) problem (where the user requests $P>1$ files). A baseline achievable scheme repeats the optimal PC scheme by Sun and Jafar $P$ times, or treats each possible demanded linear combination as an independent file and then uses the near optimal MM-PIR scheme by Banawan and Ulukus. In this paper, we propose a new MM-PC scheme that significantly improves upon the baseline schemes. In doing so, we design the queries inspired by the structure in the cache-aided scalar linear function retrieval scheme by Wan {\it et al.}, which leverages the dependency between linear functions to reduce the amount of communications. To ensure the decodability of our scheme, we propose a new method to benefit from the existing dependency, referred to as the sign assignment step. In the end, we use Maximum Distance Separable matrices to code the queries, which allows the reduction of download from the servers, while preserving privacy. By the proposed schemes, we characterize the capacity within a multiplicative factor of $2$.

Information Theory

Yiwei Zhang,Xin Wang,Hengjia Wei,Gennian Ge

DOI: https://doi.org/10.48550/arXiv.1609.09167

2016-09-29

Abstract:Given a database, the private information retrieval (PIR) protocol allows a user to make queries to several servers and retrieve a certain item of the database via the feedbacks, without revealing the privacy of the specific item to any single server. Classical models of PIR protocols require that each server stores a whole copy of the database. Recently new PIR models are proposed with coding techniques arising from distributed storage system. In these new models each server only stores a fraction $1/s$ of the whole database, where $s>1$ is a given rational number. PIR array codes are recently proposed by Fazeli, Vardy and Yaakobi to characterize the new models. Consider a PIR array code with $m$ servers and the $k$-PIR property (which indicates that these $m$ servers may emulate any efficient $k$-PIR protocol). The central problem is to design PIR array codes with optimal rate $k/m$. Our contribution to this problem is three-fold. First, for the case $1<s\le 2$, although PIR array codes with optimal rate have been constructed recently by Blackburn and Etzion, the number of servers in their construction is impractically large. We determine the minimum number of servers admitting the existence of a PIR array code with optimal rate for a certain range of parameters. Second, for the case $s>2$, we derive a new upper bound on the rate of a PIR array code. Finally, for the case $s>2$, we analyze a new construction by Blackburn and Etzion and show that its rate is better than all the other existing constructions.

Information Theory

Arman Fazeli,Alexander Vardy,Eitan Yaakobi

DOI: https://doi.org/10.48550/arXiv.1505.06241

2015-05-23

Abstract:Private information retrieval (PIR) protocols allow a user to retrieve a data item from a database without revealing any information about the identity of the item being retrieved. Specifically, in information-theoretic $k$-server PIR, the database is replicated among $k$ non-communicating servers, and each server learns nothing about the item retrieved by the user. The cost of PIR protocols is usually measured in terms of their communication complexity, which is the total number of bits exchanged between the user and the servers, and storage overhead, which is the ratio between the total number of bits stored on all the servers and the number of bits in the database. Since single-server information-theoretic PIR is impossible, the storage overhead of all existing PIR protocols is at least $2$. In this work, we show that information-theoretic PIR can be achieved with storage overhead arbitrarily close to the optimal value of $1$, without sacrificing the communication complexity. Specifically, we prove that all known $k$-server PIR protocols can be efficiently emulated, while preserving both privacy and communication complexity but significantly reducing the storage overhead. To this end, we distribute the $n$ bits of the database among $s+r$ servers, each storing $n/s$ coded bits (rather than replicas). For every fixed $k$, the resulting storage overhead $(s+r)/s$ approaches $1$ as $s$ grows; explicitly we have $r\le k\sqrt{s}(1+o(1))$. Moreover, in the special case $k = 2$, the storage overhead is only $1 + \frac{1}{s}$. In order to achieve these results, we introduce and study a new kind of binary linear codes, called here $k$-server PIR codes. We then show how such codes can be constructed, and we establish several bounds on the parameters of $k$-server PIR codes. Finally, we briefly discuss extensions of our results to nonbinary alphabets, to robust PIR, and to $t$-private PIR.

Information Theory

Stanislav Kruglik,Son Hoang Dau,Han Mao Kiah,Huaxiong Wang,Liang Feng Zhang

DOI: https://doi.org/10.1109/tifs.2024.3453550

IF: 7.231

2024-09-20

IEEE Transactions on Information Forensics and Security

Abstract:Private Information Retrieval (PIR) protocols allow a client to retrieve any file of interest while keeping the files identity hidden from the database servers. While many existing PIR protocols assume servers to be honest but curious, we investigate the scenario of dishonest servers that provide incorrect answers to mislead clients into obtaining wrong results. We propose a unified framework for polynomial PIR protocols encompassing various existing protocols that optimize the download rate or total communication cost. We introduce a way to transform a polynomial PIR to a verifiable one without increasing the number of involved servers by doubling the queries. The security guarantees can be information-theoretic or computational, and the verification keys can be public or private. Moreover, in one of our protocols, the ratio between the additional download overhead associated with verification and the normal download cost approaches zero as the file size goes to infinity.

computer science, theory & methods,engineering, electrical & electronic

Craig Gentry,Shai Halevi,Bernardo Magri,Jesper Buus Nielsen,Sophia Yakoubov

DOI: https://doi.org/10.1007/978-3-030-90456-2_2

2021-01-01

Abstract:Private information retrieval (PIR) lets a client retrieve an entry from a database without the server learning which entry was retrieved. Here we study a weaker variant that we call random-index PIR (RPIR), where the retrieved index is an output rather than an input of the protocol, and is chosen at random. RPIR is clearly weaker than PIR, but it suffices for some interesting applications and may be realized more efficiently than full-blown PIR.We report here on two lines of work, both tied to RPIR but otherwise largely unrelated. The first line of work studies RPIR as a primitive on its own. Perhaps surprisingly, we show that RPIR is in fact equivalent to PIR when there are no restrictions on the number of communication rounds. On the other hand, RPIR can be implemented in a “noninteractive” setting (with pre-processing), which is clearly impossible for PIR. For two-server RPIR we even show a truly noninteractive solution, offering information-theoretic security without any pre-processing.The other line of work, which was the original motivation for our work, uses RPIR to improve on the recent work of Benhamouda et al. (TCC’20) for maintaining secret values on public blockchains. Their solution depends on a method for selecting many random public keys from a PKI while hiding most of the selected keys from an adversary. However, the method they proposed is vulnerable to a double-dipping attack, limiting its resilience. Here we observe that a RPIR protocol, where the client is implemented via secure MPC, can eliminate that vulnerability. We thus get a secrets-on-blockchain protocol (and more generally large-scale MPC) which is resilient to any fraction f&lt;1/2$$f &lt; 1/2$$ of corrupted parties, resolving the main open problem left from the work of Benhamouda et al.As the client in this solution is implemented via secure MPC, it really brings home the need to make it as efficient as possible. We thus strive to explore whatever efficiency gains we can get by using RPIR rather than PIR. We achieve more gains by using batch RPIR where multiple indexes are retrieved at once. Lastly, we observe that this application can make do with a weaker security guarantee than full RPIR, and show that this weaker variant can be realized even more efficiently. We discuss one protocol in particular that may be attractive for practical implementations.

Or Elimelech,Asaf Cohen

2024-10-17

Abstract:In this paper, we revisit the problem of Private Information Retrieval (PIR), where there are $N$ replicated non-communicating databases containing the same $M$ messages and a user who wishes to retrieve one of the messages without revealing the message's index to the databases. However, we assume a block-fading Additive White Gaussian Noise Multiple Access Channel (AWGN MAC) linking the user and the databases. Previous work \cite{shmuel2021private} presented a joint channel-PIR scheme, utilizing the Compute and Forward (C\&F) protocol, demonstrating the potential of a joint channel-PIR scheme over a separated one, yet still lagging behind the channel capacity. We propose an improved scheme that offers reduced computational complexity while improving the achievable rate, both for finite parameters and its scaling laws. Specifically, the achievable rate outperforms the C\&F-based approach, and scales with the number of databases $N$ and the power $P$ similarly to the channel capacity \textit{without the privacy constraint}. Furthermore, the analysis demonstrates that the improved rate exhibits only a finite gap from this unconstrained channel capacity -- $1$ $bit/sec/Hz$ as $N$ increases.

Information Theory

Okko Makkonen,David Karpuk,Camilla Hollanti

2024-08-01

Abstract:Private information retrieval (PIR) considers the problem of retrieving a data item from a database or distributed storage system without disclosing any information about which data item was retrieved. Secure PIR complements this problem by further requiring the contents of the data to be kept secure. Privacy and security can be achieved by adding suitable noise to the queries and data using methods from secret sharing. In this paper, a new framework for homomorphic secret sharing in secure and private information retrieval from colluding servers is proposed, generalizing the original cross-subspace alignment (CSA) codes proposed by Jia, Sun, and Jafar. We utilize this framework to give a secure PIR construction using algebraic geometry codes over hyperelliptic curves of arbitrary genus. It is shown that the proposed scheme offers interesting tradeoffs between the field size, file size, number of colluding servers, and the total number of servers. When the field size is fixed, this translates in some cases to higher retrieval rates than those of the original scheme. In addition, the new schemes exist also for some parameters where the original ones do not.

Information Theory

Hua Sun,Syed A. Jafar

DOI: https://doi.org/10.48550/arXiv.1605.00635

2016-05-03

Abstract:Private information retrieval (PIR) is the problem of retrieving as efficiently as possible, one out of $K$ messages from $N$ non-communicating replicated databases (each holds all $K$ messages) while keeping the identity of the desired message index a secret from each individual database. The information theoretic capacity of PIR (equivalently, the reciprocal of minimum download cost) is the maximum number of bits of desired information that can be privately retrieved per bit of downloaded information. $T$-private PIR is a generalization of PIR to include the requirement that even if any $T$ of the $N$ databases collude, the identity of the retrieved message remains completely unknown to them. Robust PIR is another generalization that refers to the scenario where we have $M \geq N$ databases, out of which any $M - N$ may fail to respond. For $K$ messages and $M\geq N$ databases out of which at least some $N$ must respond, we show that the capacity of $T$-private and Robust PIR is $\left(1+T/N+T^2/N^2+\cdots+T^{K-1}/N^{K-1}\right)^{-1}$. The result includes as special cases the capacity of PIR without robustness ($M=N$) or $T$-privacy constraints ($T=1$).

Information Theory,Cryptography and Security,Information Retrieval