9 research outputs found
Lower bounds for constant query affine-invariant LCCs and LTCs
Affine-invariant codes are codes whose coordinates form a vector space over a
finite field and which are invariant under affine transformations of the
coordinate space. They form a natural, well-studied class of codes; they
include popular codes such as Reed-Muller and Reed-Solomon. A particularly
appealing feature of affine-invariant codes is that they seem well-suited to
admit local correctors and testers.
In this work, we give lower bounds on the length of locally correctable and
locally testable affine-invariant codes with constant query complexity. We show
that if a code is an -query
locally correctable code (LCC), where is a finite field and
is a finite alphabet, then the number of codewords in is
at most . Also, we show that if
is an -query locally testable
code (LTC), then the number of codewords in is at most
. The dependence on in these
bounds is tight for constant-query LCCs/LTCs, since Guo, Kopparty and Sudan
(ITCS `13) construct affine-invariant codes via lifting that have the same
asymptotic tradeoffs. Note that our result holds for non-linear codes, whereas
previously, Ben-Sasson and Sudan (RANDOM `11) assumed linearity to derive
similar results.
Our analysis uses higher-order Fourier analysis. In particular, we show that
the codewords corresponding to an affine-invariant LCC/LTC must be far from
each other with respect to Gowers norm of an appropriate order. This then
allows us to bound the number of codewords, using known decomposition theorems
which approximate any bounded function in terms of a finite number of
low-degree non-classical polynomials, upto a small error in the Gowers norm
Improved rank bounds for design matrices and a new proof of Kelly's theorem
We study the rank of complex sparse matrices in which the supports of
different columns have small intersections. The rank of these matrices, called
design matrices, was the focus of a recent work by Barak et. al. (BDWY11) in
which they were used to answer questions regarding point configurations. In
this work we derive near-optimal rank bounds for these matrices and use them to
obtain asymptotically tight bounds in many of the geometric applications. As a
consequence of our improved analysis, we also obtain a new, linear algebraic,
proof of Kelly's theorem, which is the complex analog of the Sylvester-Gallai
theorem
Communication-efficient distributed oblivious transfer
AbstractDistributed oblivious transfer (DOT) was introduced by Naor and Pinkas (2000) [31], and then generalized to (k,ℓ)-DOT-(n1) by Blundo et al. (2007) [8] and Nikov et al. (2002) [34]. In the generalized setting, a (k,ℓ)-DOT-(n1) allows a sender to communicate one of n secrets to a receiver with the help of ℓ servers. Specifically, the transfer task of the sender is distributed among ℓ servers and the receiver interacts with k out of the ℓ servers in order to retrieve the secret he is interested in. The DOT protocols we consider in this work are information-theoretically secure. The known (k,ℓ)-DOT-(n1) protocols require linear (in n) communication complexity between the receiver and servers. In this paper, we construct (k,ℓ)-DOT-(n1) protocols which only require sublinear (in n) communication complexity between the receiver and servers. Our constructions are based on information-theoretic private information retrieval. In particular, we obtain both a specific reduction from (k,ℓ)-DOT-(n1) to polynomial interpolation-based information-theoretic private information retrieval and a general reduction from (k,ℓ)-DOT-(n1) to any information-theoretic private information retrieval. The specific reduction yields (t,τ)-private (k,ℓ)-DOT-(n1) protocols of communication complexity O(n1/⌊(k−τ−1)/t⌋) between a semi-honest receiver and servers for any integers t and τ such that 1⩽t⩽k−1 and 0⩽τ⩽k−1−t. The general reduction yields (t,τ)-private (k,ℓ)-DOT-(n1) protocols which are as communication-efficient as the underlying private information retrieval protocols for any integers t and τ such that 1⩽t⩽k−2 and 0⩽τ⩽k−1−t
Vectorized Batch Private Information Retrieval
This paper studies Batch Private Information Retrieval (BatchPIR), a variant of private information retrieval (PIR) where the client wants to retrieve multiple entries from the server in one batch.
BatchPIR matches the use case of many practical applications and holds the potential for substantial efficiency improvements over PIR in terms of amortized cost per query.
Existing BatchPIR schemes have achieved decent computation efficiency but have not been able to improve communication efficiency at all.
Using vectorized homomorphic encryption, we present the first BatchPIR protocol that is efficient in both computation and communication for a variety of database configurations. Specifically, to retrieve a batch of 256 entries from a database with one million entries of 256 bytes each, the communication cost of our scheme is 7.5x to 98.5x better than state-of-the-art solutions
OnionPIR: Response Efficient Single-Server PIR
This paper presents OnionPIR and stateful OnionPIR two single-server PIR schemes that significantly improve the response size and computation cost over state-of-the-art schemes. OnionPIR scheme utilizes recent advances in somewhat homomorphic encryption (SHE) and carefully composes two lattice-based SHE schemes and homomorphic operations to control the noise growth and response size. Stateful OnionPIR uses a technique based on the homomorphic evaluation of copy networks.
OnionPIR achieves a response overhead of just x over the insecure baseline, in contrast to the x response overhead of state-of-the-art schemes. Our stateful OnionPIR scheme improves upon the recent stateful PIR framework of Patel et al. and drastically reduces its response overhead by avoiding downloading the entire database in the offline stage.
Compared to stateless OnionPIR, Stateful OnionPIR reduces the computation cost by x for different database sizes
Sub-logarithmic Distributed Oblivious RAM with Small Block Size
Oblivious RAM (ORAM) is a cryptographic primitive that allows a client to
securely execute RAM programs over data that is stored in an untrusted server.
Distributed Oblivious RAM is a variant of ORAM, where the data is stored in
servers. Extensive research over the last few decades have succeeded to
reduce the bandwidth overhead of ORAM schemes, both in the single-server and
the multi-server setting, from to . However, all known
protocols that achieve a sub-logarithmic overhead either require heavy
server-side computation (e.g. homomorphic encryption), or a large block size of
at least .
In this paper, we present a family of distributed ORAM constructions that
follow the hierarchical approach of Goldreich and Ostrovsky [GO96]. We enhance
known techniques, and develop new ones, to take better advantage of the
existence of multiple servers. By plugging efficient known hashing schemes in
our constructions, we get the following results:
1. For any , we show an -server ORAM scheme with overhead, and block size . This scheme is
private even against an -server collusion. 2. A 3-server ORAM
construction with overhead and a block size
almost logarithmic, i.e. .
We also investigate a model where the servers are allowed to perform a linear
amount of light local computations, and show that constant overhead is
achievable in this model, through a simple four-server ORAM protocol
CNF-FSS and its Applications
Function Secret Sharing (FSS), introduced by Boyle, Gilboa and Ishai [BGI15],
extends the classical notion of secret-sharing a *value* to secret sharing a
*function*. Namely, for a secret function f (from a class ), FSS provides a
sharing of f whereby *succinct shares (``keys\u27\u27) are distributed to a set of
parties, so that later the parties can non-interactively compute an additive
sharing of f(x), for any input x in the domain of f. Previous work on FSS
concentrated mostly on the two-party case, where highly efficient schemes are
obtained for some simple, yet extremely useful, classes (in particular,
FSS for the class of point functions, a task referred to as DPF -- Distributed
Point Functions [GI14,BGI15].
In this paper, we concentrate on the multi-party case, with p >= 3 parties and
t-security (1 <= t < p). First, we introduce the notion of CNF-DPF (or, more
generally, CNF-FSS), where the scheme uses the CNF version of secret sharing
(rather than additive sharing) to share each value . We then demonstrate
the utility of CNF-DPF by providing several applications. Our main result
shows how CNF-DPF can be used to achieve substantial asymptotic improvement in
communication complexity when using it as a building block for constructing
*standard* (t,p)-DPF protocols that tolerate t > 1 (semi-honest) corruptions.
For example, we build a 2-out-of-5 secure (standard) DPF scheme of
communication complexity O(N^{1/4}), where N is the domain size of f (compared
with the current best-known of O(N^{1/2}) for (2,5)-DPF). More generally,
with p > d*t parties, we give a (t,p)-DPF whose complexity grows as
O(N^{1/2d}) (rather than O(\sqrt{N}) that follows from the (p-1,p)-DPF scheme
of [BGI15]).
We also present a 1-out-of-3 secure CNF-DPF scheme, in which each party holds
two of the three keys, with poly-logarithmic communication complexity. These
results have immediate implications to scenarios where (multi-server) DPF was
shown to be applicable. For example, we show how to use such a scheme to
obtain asymptotic improvement (O(\log^2N) versus O(\sqrt{N})) in communication
complexity over the 3-party protocol of [BKKO20]
Efficient Multiparty Protocols via Log-Depth Threshold Formulae
We put forward a new approach for the design of efficient multiparty protocols:
1. Design a protocol for a small number of parties (say, 3 or 4)
which achieves security against a single corrupted party. Such
protocols are typically easy to construct as they may employ
techniques that do not scale well with the number of corrupted
parties.
2. Recursively compose with itself to obtain an efficient n-party
protocol which achieves security against a constant fraction of
corrupted parties.
The second step of our approach combines the player emulation
technique of Hirt and Maurer (J. Cryptology, 2000) with
constructions of logarithmic-depth formulae which compute
threshold functions using only constant fan-in threshold gates.
Using this approach, we simplify and improve on previous results
in cryptography and distributed computing. In particular:
- We provide conceptually simple constructions of efficient
protocols for Secure Multiparty Computation (MPC) in the
presence of an honest majority, as well as broadcast protocols
from point-to-point channels and a 2-cast primitive.
- We obtain new results on MPC over blackbox groups and other
algebraic structures.
The above results rely on the following complexity-theoretic
contributions, which may be of independent interest:
- We show that for every integers j,k such that m = (k-1)/(j-1)
is an integer, there is an explicit (poly(n)-time) construction
of a logarithmic-depth formula which computes a good
approximation of an (n/m)-out-of-n threshold function using only
j-out-of-k threshold gates and no constants.
- For the special case of n-bit majority from 3-bit majority
gates, a non-explicit construction follows from the work of
Valiant (J. Algorithms, 1984). For this special case, we provide
an explicit construction with a better approximation than for the
general threshold case, and also an exact explicit construction
based on standard complexity-theoretic or cryptographic
assumptions