Weakly-Private Information Retrieval
Private information retrieval (PIR) protocols make it possible to retrieve a file from a database without disclosing any information about the identity of the file being retrieved. These protocols have been rigorously explored from an information-theoretic perspective in recent years. While existing protocols strictly impose that no information is leaked on the file's identity, this work initiates the study of the tradeoffs that can be achieved by relaxing the requirement of perfect privacy. In case the user is willing to leak some information on the identity of the retrieved file, we study how the PIR rate, as well as the upload cost and access complexity, can be improved. For the particular case of replicated servers, we propose two weakly-private information retrieval schemes based on two recent PIR protocols and a family of schemes based on partitioning. Lastly, we compare the performance of the proposed schemes.
Comment: To be presented at 2019 IEEE International Symposium on Information Theory (ISIT).
How to Correct Errors in Multi-Server PIR
Suppose that there exist a user and servers . Each server holds a copy of a database , and the user holds a secret index . A b error correcting server PIR (Private Information Retrieval) scheme allows a user to retrieve correctly even if and or less servers return false answers while each server learns no information on in the information theoretic sense. Although there exists such a scheme with the total communication cost where , the decoding algorithm is very inefficient.
In this paper, we show an efficient decoding algorithm for this error correcting server PIR scheme. It runs in time
The Space Complexity of Mirror Games
We consider the following game between two players Alice and Bob, which we call the mirror game. Alice and Bob take turns saying numbers belonging to the set {1, 2, ...,N}. A player loses if they repeat a number that has already been said. Otherwise, after N turns, when all the numbers have been spoken, both players win. When N is even, Bob, who goes second, has a very simple (and memoryless) strategy to avoid losing: whenever Alice says x, respond with N+1-x. The question is: does Alice have a similarly simple strategy to win that avoids remembering all the numbers said by Bob?
The answer is no. We prove a linear lower bound on the space complexity of any deterministic winning strategy of Alice. Interestingly, this follows as a consequence of the Eventown-Oddtown theorem from extremal combinatorics. We additionally demonstrate a randomized strategy for Alice that wins with high probability that requires only O~(sqrt N) space (provided that Alice has access to a random matching on K_N).
We also investigate lower bounds for a generalized mirror game where Alice and Bob alternate saying 1 number and b numbers each turn (respectively). When 1+b is a prime, our linear lower bounds continue to hold, but when 1+b is composite, we show that the existence of a o(N) space strategy for Bob (when N != 0 mod (1+b)) implies the existence of exponential-sized matching vector families over Z^N_{1+b}.
LightPIR: Privacy-Preserving Route Discovery for Payment Channel Networks
Payment channel networks are a promising approach to improve the scalability of cryptocurrencies: they allow transactions to be performed in a peer-to-peer fashion, along multi-hop routes in the network, without requiring consensus on the blockchain. However, during the discovery of cost-efficient routes for the transaction, critical information may be revealed about the transacting entities.
This paper initiates the study of privacy-preserving route discovery mechanisms for payment channel networks. In particular, we present LightPIR, an approach which allows a source to efficiently discover a shortest path to its destination without revealing any information about the endpoints of the transaction. The two main observations which allow for an efficient solution in LightPIR are that: (1) surprisingly, hub labelling algorithms, which were developed to preprocess "street network like" graphs so one can later efficiently compute shortest paths, also work well for the graphs underlying payment channel networks, and that (2) hub labelling algorithms can be directly combined with private information retrieval.
LightPIR relies on a simple hub labeling heuristic on top of existing hub labeling algorithms which leverages the specific topological features of cryptocurrency networks to further minimize storage and bandwidth overheads. In a case study considering the Lightning network, we show that our approach is an order of magnitude more efficient compared to a privacy-preserving baseline based on using private information retrieval on a database that stores all pairs shortest paths.
On single server private information retrieval in a coding theory perspective
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. Further, we describe some known PIR schemes with respect to this code-based framework, and present the weaknesses of the broken PIR schemes from a generic point of view.
A survey on single server private information retrieval in a coding theory perspective
In this paper, we present a new perspective of single server private information retrieval (PIR) schemes by using the notion of linear error-correcting codes. Many of the known single server schemes are based on taking linear combinations between database elements and the query elements. Using the theory of linear codes, we develop a generic framework that formalizes all such PIR schemes. This generic framework provides an appropriate setup to analyze the security of such PIR schemes. In fact, we describe some known PIR schemes with respect to this code-based framework, and present the weaknesses of the broken PIR schemes from a unified point of view.
Outlaw distributions and locally decodable codes
Locally decodable codes (LDCs) are error correcting codes that allow for decoding of a single message bit using a small number of queries to a corrupted encoding. Despite decades of study, the optimal trade-off between query complexity and codeword length is far from understood. In this work, we give a new characterization of LDCs using distributions over Boolean functions whose expectation is hard to approximate (in L∞ norm) with a small number of samples. We coin the term "outlaw distributions" for such distributions since they "defy" the Law of Large Numbers. We show that the existence of outlaw distributions over sufficiently "smooth" functions implies the existence of constant query LDCs and vice versa. We give several candidates for outlaw distributions over smooth functions coming from finite field incidence geometry, additive combinatorics and hypergraph (non)expanders. We also prove a useful lemma showing that (smooth) LDCs which are only required to work on average over a random message and a random message index can be turned into true LDCs at the cost of only constant factors in the parameters.
Lower Bounds for Multi-Server Oblivious RAMs
In this work, we consider the construction of oblivious RAMs (ORAM) in a setting with multiple servers where the adversary may corrupt a subset of the servers. We present an overhead lower bound for any -server ORAM that limits any PPT adversary to distinguishing advantage at most when only one server is corrupted. In other words, if one insists on negligible distinguishing advantage, then multi-server ORAMs cannot be faster than single-server ORAMs even with polynomially many servers of which only one unknown server is corrupted.
Our results apply to ORAMs that may err with probability at most as well as scenarios where the adversary corrupts larger subsets of servers. We also extend our lower bounds to other important data structures including oblivious stacks, queues, deques, priority queues and search trees.
TreePIR: Sublinear-Time and Polylog-Bandwidth Private Information Retrieval from DDH
In Private Information Retrieval (PIR), a client wishes to retrieve the value of an index from a public database of values without leaking information about the index . In their recent seminal work, Corrigan-Gibbs and Kogan (EUROCRYPT 2020) introduced the first two-server PIR protocol with sublinear amortized server time and sublinear bandwidth. In a followup work, Shi et al. (CRYPTO 2021) reduced the bandwidth to polylogarithmic by proposing a construction based on privately puncturable pseudorandom functions, a primitive whose only construction known to date is based on heavy cryptographic primitives. Partly because of this, their PIR protocol does not achieve concrete efficiency.
In this paper we propose TreePIR, a two-server PIR protocol with sublinear amortized server time and polylogarithmic bandwidth whose security can be based on just the DDH assumption. TreePIR can be partitioned into two phases, both sublinear: The first phase is remarkably simple and only requires pseudorandom generators. The second phase is a single-server PIR protocol on only indices, for which we can use the protocol by Döttling et al. (CRYPTO 2019) based on DDH, or, for practical purposes, the most concretely efficient single-server PIR protocol. Not only does TreePIR achieve better asymptotics than previous approaches while resting on weaker cryptographic assumptions, but it also outperforms existing two-server PIR protocols in practice. The crux of our protocol is a new cryptographic primitive that we call weak privately puncturable pseudorandom functions, which we believe can have further applications.