PIR schemes with small download complexity and low storage requirements

Shah, Rashmi and Ramchandran recently considered a model for Private Information Retrieval (PIR) where a user wishes to retrieve one of several R-bit messages from a set of n non-colluding servers. Their security model is information-theoretic. Their paper is the first to consider a model for PIR in which the database is not necessarily replicated, so allowing distributed storage techniques to be used. They concentrate on minimising the total number of bits downloaded from the servers. Shah et al. provide a construction of a scheme that requires just R + 1 bits to be downloaded from servers, but requires an exponential (in R) number of servers. We provide an improved scheme that requires a linear number of servers. Shah et al. construct a scheme with linear total storage (in R) that needs at least 2R bits to be downloaded. For any positive �, we provide a construction with the same storage property, that requires at most (1 + �)R bits to be downloaded; moreover one variant of our scheme only requires each server to store a bounded number of bits (in the sense of being bounded by a function that is independent of R). Finally, we simplify and generalise a lower bound due to Shah et al. on the download complexity of such a PIR scheme. In a natural model, we show that an n-server PIR scheme requires at least nR/(n−1) download bits, and provide a scheme that meets this bound

PIR schemes with small download complexity and low storage requirements

Shah, Rashmi and Ramchandran recently considered a model for Private Information Retrieval (PIR) where a user wishes to retrieve one of several Ä-bit messages from a set of n non-colluding servers. Their security model is information-theoretic. Their paper is the first to consider a model for PIR in which the database is not necessarily replicated, so allowing distributed storage techniques to be used. Shah et al. show that at least Ä+1 bits must be downloaded from servers, and describe a scheme with linear total storage (in R) that downloads between 2R and 3R bits. For any positive e, we provide a construction with the same storage property, that requires at most (1 + e)R bits to be downloaded; moreover one variant of our scheme only requires each server to store a bounded number of bits (in the sense of being bounded by a function that is independent of R). We also provide variants of a scheme of Shah et al which downloads exactly R +1 bits and has quadratic total storage. Finally, we simplify and generalise a lower bound due to Shah et al. on the download complexity of a PIR scheme. In a natural model, we show that an n-server PIR scheme requires at least nR/(n - 1) download bits in many cases, and provide a scheme that meets this bound. This paper provides various bounds on the download complexity of a PIR scheme, generalising those of Shah et al.\ to the case when the number $n$ of servers is bounded, and providing links with classical techniques due to Chor et al. The paper also provides a range of constructions for PIR schemes that are either simpler or perform better than previously known schemes. These constructions include explicit schemes that achieve the best asymptotic download complexity of Sun and Jafar with significantly lower upload complexity, and general techniques for constructing a scheme with good worst case download complexity from a scheme with good download complexity on average

PIR schemes with small download complexity and low storage requirements

Shah, Rashmi and Ramchandran recently considered a model for Private Information Retrieval (PIR) where a user wishes to retrieve one of several Ä-bit messages from a set of n non-colluding servers. Their security model is information-theoretic. Their paper is the first to consider a model for PIR in which the database is not necessarily replicated, so allowing distributed storage techniques to be used. Shah et al. show that at least Ä+1 bits must be downloaded from servers, and describe a scheme with linear total storage (in R) that downloads between 2R and 3R bits. For any positive e, we provide a construction with the same storage property, that requires at most (1 + e)R bits to be downloaded; moreover one variant of our scheme only requires each server to store a bounded number of bits (in the sense of being bounded by a function that is independent of R). We also provide variants of a scheme of Shah et al which downloads exactly R +1 bits and has quadratic total storage. Finally, we simplify and generalise a lower bound due to Shah et al. on the download complexity of a PIR scheme. In a natural model, we show that an n-server PIR scheme requires at least nR/(n - 1) download bits in many cases, and provide a scheme that meets this bound. This paper provides various bounds on the download complexity of a PIR scheme, generalising those of Shah et al.\ to the case when the number $n$ of servers is bounded, and providing links with classical techniques due to Chor et al. The paper also provides a range of constructions for PIR schemes that are either simpler or perform better than previously known schemes. These constructions include explicit schemes that achieve the best asymptotic download complexity of Sun and Jafar with significantly lower upload complexity, and general techniques for constructing a scheme with good worst case download complexity from a scheme with good download complexity on average

Private Information Retrieval Schemes for Coded Data with Arbitrary Collusion Patterns

In Private Information Retrieval (PIR), one wants to download a file from a database without revealing to the database which file is being downloaded. Much attention has been paid to the case of the database being encoded across several servers, subsets of which can collude to attempt to deduce the requested file. With the goal of studying the achievable PIR rates in realistic scenarios, we generalize results for coded data from the case of all subsets of servers of size $t$ colluding, to arbitrary subsets of the servers. We investigate the effectiveness of previous strategies in this new scenario, and present new results in the case where the servers are partitioned into disjoint colluding groups.Comment: Updated with a corrected statement of Theorem

Multiround private information retrieval: Capacity and storage overhead

Private information retrieval (PIR) is the problem of retrieving one message out of $K$ messages from $N$ non-communicating replicated databases, where each database stores all $K$ messages, in such a way that each database learns no information about which message is being retrieved. The capacity of PIR is the maximum number of bits of desired information per bit of downloaded information among all PIR schemes. The capacity has recently been characterized for PIR as well as several of its variants. In every case it is assumed that all the queries are generated by the user simultaneously. Here we consider multiround PIR, where the queries in each round are allowed to depend on the answers received in previous rounds. We show that the capacity of multiround PIR is the same as the capacity of single-round PIR. The result is generalized to also include $T$ -privacy constraints. Combined with previous results, this shows that there is no capacity advantage from multiround over single-round schemes, non-linear over linear schemes or from $\epsilon$ -error over zero-error schemes. However, we show through an example that there is an advantage in terms of storage overhead. We provide an example of a multiround, non-linear, $\epsilon$ -error PIR scheme that requires a strictly smaller storage overhead than the best possible with single-round, linear, zero-error PIR schemes