Efficient Recovery of a Shared Secret via Cooperation: Applications to SDMM and PIR

This work considers the problem of privately outsourcing the computation of a matrix product over a finite field $\mathbb{F}_q$ to $N$ helper servers. These servers are considered to be honest but curious, i.e., they behave according to the protocol but will try to deduce information about the user's data. Furthermore, any set of up to $X$ servers is allowed to share their data. Previous works considered this collusion a hindrance and the download cost of the schemes increases with growing $X$. We propose to utilize such linkage between servers to the user's advantage by allowing servers to cooperate in the computational task. This leads to a significant gain in the download cost for the proposed schemes. The gain naturally comes at the cost of increased communication load between the servers. Hence, the proposed cooperative scheme can be understood as outsourcing both computational cost and communication cost. While the present work exemplifies the proposed server cooperation in the case of a specific secure distributed matrix multiplication (SDMM) scheme, the same idea applies to many other use cases as well. For instance, other SDMM schemes as well as linear private information retrieval (PIR) as a special case of SDMM are instantly covered.Comment: 10 pages, 2 figure

Double Blind TT-Private Information Retrieval

Double blind $T$-private information retrieval (DB-TPIR) enables two users, each of whom specifies an index ($\theta_1, \theta_2$, resp.), to efficiently retrieve a message $W(\theta_1,\theta_2)$ labeled by the two indices, from a set of $N$ servers that store all messages $W(k_1,k_2), k_1\in\{1,2,\cdots,K_1\}, k_2\in\{1,2,\cdots,K_2\}$, such that the two users' indices are kept private from any set of up to $T_1,T_2$ colluding servers, respectively, as well as from each other. A DB-TPIR scheme based on cross-subspace alignment is proposed in this paper, and shown to be capacity-achieving in the asymptotic setting of large number of messages and bounded latency. The scheme is then extended to $M$-way blind $X$-secure $T$-private information retrieval (MB-XS-TPIR) with multiple ($M$) indices, each belonging to a different user, arbitrary privacy levels for each index ($T_1, T_2,\cdots, T_M$), and arbitrary level of security ($X$) of data storage, so that the message $W(\theta_1,\theta_2,\cdots, \theta_M)$ can be efficiently retrieved while the stored data is held secure against collusion among up to $X$ colluding servers, the $m^{th}$ user's index is private against collusion among up to $T_m$ servers, and each user's index $\theta_m$ is private from all other users. The general scheme relies on a tensor-product based extension of cross-subspace alignment and retrieves $1-(X+T_1+\cdots+T_M)/N$ bits of desired message per bit of download.Comment: Accepted for publication in IEEE Journal on Selected Areas in Information Theory (JSAIT

Weakly Private Information Retrieval from Heterogeneously Trusted Servers

We study the problem of weakly private information retrieval (PIR) when there is heterogeneity in servers' trustfulness under the maximal leakage (Max-L) metric and mutual information (MI) metric. A user wishes to retrieve a desired message from N non-colluding servers efficiently, such that the identity of the desired message is not leaked in a significant manner; however, some servers can be more trustworthy than others. We propose a code construction for this setting and optimize the probability distribution for this construction. For the Max-L metric, it is shown that the optimal probability allocation for the proposed scheme essentially separates the delivery patterns into two parts: a completely private part that has the same download overhead as the capacity-achieving PIR code, and a non-private part that allows complete privacy leakage but has no download overhead by downloading only from the most trustful server. The optimal solution is established through a sophisticated analysis of the underlying convex optimization problem, and a reduction between the homogeneous setting and the heterogeneous setting. For the MI metric, the homogeneous case is studied first for which the code can be optimized with an explicit probability assignment, while a closed-form solution becomes intractable for the heterogeneous case. Numerical results are provided for both cases to corroborate the theoretical analysis.Comment: 23 pages 3 figures. arXiv admin note: text overlap with arXiv:2205.0161