LDCs and PIRs
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007. Includes bibliographical references (leaves 90-99).
This thesis studies two closely related notions, namely Locally Decodable Codes (LDCs) and Private Information Retrieval Schemes (PIRs). Locally decodable codes are error-correcting codes that allow extremely efficient, "sublinear-time" decoding procedures. More formally, a k-query locally decodable code encodes n-bit messages x in such a way that one can probabilistically recover any bit x_i of the message by querying only k bits of the (possibly corrupted) codeword, where k can be as small as 2. LDCs were initially introduced in complexity theory in the context of worst-case to average-case reductions and probabilistically checkable proofs. Later they have found applications in numerous other areas including information theory, cryptography and the theory of fault tolerant computation. The major goal of LDC related research is to establish the optimal trade-off between length N and query complexity k of such codes, for a given message length n. Private information retrieval schemes are cryptographic protocols developed in order to protect the privacy of the user's query, when accessing a public database. In such schemes a database (modelled by an n-bit string x) is replicated between k non-communicating servers. The user holds an index i and is interested in obtaining the value of the bit x_i. To achieve this goal, the user queries each of the servers and gets replies from which the desired bit x_i can be computed. The query to each server is distributed independently of i and therefore each server gets no information about what the user is after. The main parameter of interest in a PIR scheme is its communication complexity, namely the number of bits exchanged by the user accessing an n-bit database and the servers.
In this thesis we provide a fresh algebraic look at the theory of locally decodable codes and private information retrieval schemes. We obtain new families of LDCs and PIRs that have much better parameters than those of previously known constructions. We also prove limitations of two server PIRs in a restricted setting that covers all currently known schemes. Below is a more detailed summary of our contributions.
* Our main result is a novel (point removal) approach to constructing locally decodable codes that yields vast improvements upon the earlier work. Specifically, given any Mersenne prime p = 2^t - 1, we design three query LDCs of length N = exp(n^{1/t}), for every n. Based on the largest known Mersenne prime, this translates to a length of less than exp(n^{10^{-7}}), compared to exp(n^{1/2}) in the previous constructions. It has often been conjectured that there are infinitely many Mersenne primes. Under this conjecture, our constructions yield three query locally decodable codes of length N = exp(n^{1/log log n}) for infinitely many n.
* We address a natural question regarding the limitations of the point-removal approach. We argue that further progress in the unconditional bounds via this method (under a fairly broad definition of the method) is tied to progress on an old number theory question regarding the size of the largest prime factors of Mersenne numbers.
* Our improvements in the parameters of locally decodable codes yield analogous improvements for private information retrieval schemes. We give 3-server PIR schemes with communication complexity of O(n^{10^{-7}}) to access an n-bit database, compared to the previous best scheme with complexity O(n^{1/5.25}). Assuming again that there are infinitely many Mersenne primes, we get 3-server PIR schemes of communication complexity n^{1/log log n} for infinitely many n.
* Our constructions yield tremendous improvements for private information retrieval schemes involving three or more servers, and provide no insights on the two server case. This raises a natural question regarding whether the two server case is truly intrinsically different. We argue that this may well be the case. We introduce a novel combinatorial approach to PIR and establish the optimality of the currently best known two server schemes in a restricted although fairly broad model.
by Sergey Yekhanin. Ph.D.
Query-Efficient Locally Decodable Codes of Subexponential Length
We develop the algebraic theory behind the constructions of Yekhanin (2008)
and Efremenko (2009), in an attempt to understand the "algebraic niceness"
phenomenon in . We show that every integer ,
where , and are prime, possesses the same good algebraic property as
that allows savings in query complexity. We identify 50 numbers of this
form by computer search, which together with 511, are then applied to gain
improvements on query complexity via Itoh and Suzuki's composition method. More
precisely, we construct a -query LDC for every positive
integer and a -query
LDC for every integer , both of length , improving the
queries used by Efremenko (2009) and queries used by Itoh and
Suzuki (2010).
We also obtain new efficient private information retrieval (PIR) schemes from
the new query-efficient LDCs. Comment: to appear in Computational Complexit
Exponential Lower Bound for 2-Query Locally Decodable Codes via a Quantum Argument
A locally decodable code encodes n-bit strings x in m-bit codewords C(x), in
such a way that one can recover any bit x_i from a corrupted codeword by
querying only a few bits of that word. We use a quantum argument to prove that
LDCs with 2 classical queries need exponential length: m=2^{Omega(n)}.
Previously this was known only for linear codes (Goldreich et al. 02). Our
proof shows that a 2-query LDC can be decoded with only 1 quantum query, and
then proves an exponential lower bound for such 1-query locally
quantum-decodable codes. We also show that q quantum queries allow more
succinct LDCs than the best known LDCs with q classical queries. Finally, we
give new classical lower bounds and quantum upper bounds for the setting of
private information retrieval. In particular, we exhibit a quantum 2-server PIR
scheme with O(n^{3/10}) qubits of communication, improving upon the O(n^{1/3})
bits of communication of the best known classical 2-server PIR. Comment: 16 pages Latex. 2nd version: title changed, large parts rewritten,
some results added or improve
A Storage-Efficient and Robust Private Information Retrieval Scheme Allowing Few Servers
Since the concept of locally decodable codes was introduced by Katz and
Trevisan in 2000, it is well-known that information-theoretically secure
private information retrieval schemes can be built using locally decodable
codes. In this paper, we construct a Byzantine robust PIR scheme using the
multiplicity codes introduced by Kopparty et al. Our main contributions are, on
the one hand, to avoid full replication of the database on each server, which
significantly reduces the global redundancy, and on the other hand, to have a much
lower locality in the PIR context than in the LDC context. This shows that
there exist two different notions: LDC-locality and PIR-locality. This is made
possible by exploiting geometric properties of multiplicity codes.
Improved Lower Bounds for Locally Decodable Codes and Private Information Retrieval
We prove new lower bounds for locally decodable codes and private information
retrieval. We show that a 2-query LDC encoding n-bit strings over an l-bit
alphabet, where the decoder only uses b bits of each queried position of the
codeword, needs code length m = exp(Omega(n/(2^b Sum_{i=0}^b {l choose i}))).
Similarly, a 2-server PIR scheme with an n-bit database and t-bit queries,
where the user only needs b bits from each of the two l-bit answers, unknown to
the servers, satisfies t = Omega(n/(2^b Sum_{i=0}^b {l choose i})). This
implies that several known PIR schemes are close to optimal. Our results
generalize those of Goldreich et al. who proved roughly the same bounds for
linear LDCs and PIRs. Like earlier work by Kerenidis and de Wolf, our classical
lower bounds are proved using quantum computational techniques. In particular,
we give a tight analysis of how well a 2-input function can be computed from a
quantum superposition of both inputs. Comment: 12 pages LaTeX, To appear in ICALP '0
2-Server PIR with sub-polynomial communication
A 2-server Private Information Retrieval (PIR) scheme allows a user to
retrieve the th bit of an -bit database replicated among two servers
(which do not communicate) while not revealing any information about to
either server. In this work we construct a 1-round 2-server PIR with total
communication cost . This improves over the
currently known 2-server protocols which require communication and
matches the communication cost of known 3-server PIR schemes. Our improvement
comes from reducing the number of servers in existing protocols, based on
Matching Vector Codes, from 3 or 4 servers to 2. This is achieved by viewing
these protocols in an algebraic way (using polynomial interpolation) and
extending them using partial derivatives.
Locally Decodable Quantum Codes
We study a quantum analogue of locally decodable error-correcting codes. A
q-query locally decodable quantum code encodes n classical bits in an m-qubit
state, in such a way that each of the encoded bits can be recovered with high
probability by a measurement on at most q qubits of the quantum code, even if a
constant fraction of its qubits have been corrupted adversarially. We show that
such a quantum code can be transformed into a classical q-query locally
decodable code of the same length that can be decoded well on average (albeit
with smaller success probability and noise-tolerance). This shows, roughly
speaking, that q-query quantum codes are not significantly better than q-query
classical codes, at least for constant or small q. Comment: 15 pages, LaTe
Robust Private Information Retrieval on Coded Data
We consider the problem of designing PIR schemes on coded data when certain
nodes are unresponsive. We provide the construction of -robust PIR schemes
that can tolerate up to unresponsive nodes. These schemes are adaptive
and universally optimal in the sense of achieving (asymptotically) optimal
download cost for any number of unresponsive nodes up to
- …