Secure Symmetric Private Information Retrieval from Colluding Databases with Adversaries

The problem of symmetric private information retrieval (SPIR) from replicated databases with colluding servers and adversaries is studied. Specifically, the database comprises $K$ files, which are replicatively stored among $N$ servers. A user wants to retrieve one file from the database by communicating with the $N$ servers, without revealing the identity of the desired file to any server. Furthermore, the user shall learn nothing about the other $K-1$ files. Any $T$ out of $N$ servers may collude, that is, they may communicate their interactions with the user to guess the identity of the requested file. An adversary in the system can tap in on or even try to corrupt the communication. Three types of adversaries are considered: a Byzantine adversary who can overwrite the transmission of any $B$ servers to the user; a passive eavesdropper who can tap in on the incoming and outgoing transmissions of any $E$ servers; and a combination of both -- an adversary who can tap in on a set of any $E$ nodes, and overwrite the transmission of a set of any $B$ nodes. The problems of SPIR with colluding servers and the three types of adversaries are named T-BSPIR, T-ESPIR and T-BESPIR respectively. The capacity of the problem is defined as the maximum number of information bits of the desired file retrieved per downloaded bit. We show that the information-theoretical capacity of T-BSPIR equals $1-\frac{2B+T}{N}$, if the servers share common randomness (unavailable at the user) with amount at least $\frac{2B+T}{N-2B-T}$ times the file size. Otherwise, the capacity equals zero. The capacity of T-ESPIR is proved to equal $1-\frac{\max(T,E)}{N}$, with common randomness at least $\frac{\max(T,E)}{N-\max(T,E)}$ times the file size. Finally, the capacity of T-BESPIR is proved to be $1-\frac{2B+\max(T,E)}{N}$, with common randomness at least $\frac{2B+\max(T,E)}{N-2B-\max(T,E)}$ times the file size

The ϵ\epsilon-error Capacity of Symmetric PIR with Byzantine Adversaries

The capacity of symmetric private information retrieval with $K$ messages, $N$ servers (out of which any $T$ may collude), and an omniscient Byzantine adversary (who can corrupt any $B$ answers) is shown to be $1 - \frac{T+2B}{N}$ [1], under the requirement of zero probability of error. In this work, we show that by weakening the adversary slightly (either providing secret low rate channels between the servers and the user, or limiting the observation of the adversary), and allowing vanishing probability of error, the capacity increases to $1 - \frac{T+B}{N}$.Comment: Part of this paper will be presented in 2018 IEEE Information Theory Workshop (ITW

Towards the Capacity of Private Information Retrieval from Coded and Colluding Servers

In this work, two practical concepts related to private information retrieval (PIR) are introduced and coined full support-rank PIR and strongly linear PIR. Being of full support-rank is a technical, yet natural condition required to prove a converse result for a capacity expression and satisfied by almost all currently known capacity-achieving schemes, while strong linearity is a practical requirement enabling implementation over small finite fields with low subpacketization degree. Then, the capacity of MDS-coded, linear, full support-rank PIR in the presence of colluding servers is derived, as well as the capacity of symmetric, linear PIR with colluding, adversarial, and nonresponsive servers for the recently introduced concept of matched randomness. This positively settles the capacity conjectures stated by Freij-Hollanti et al. and Tajeddine et al. in the presented cases. It is also shown that, further restricting to strongly-linear PIR schemes with deterministic linear interference cancellation, the so-called star product scheme proposed by Freij-Hollanti et al. is essentially optimal and induces no capacity loss

The Capacity of Private Information Retrieval with Partially Known Private Side Information

We consider the problem of private information retrieval (PIR) of a single message out of $K$ messages from $N$ replicated and non-colluding databases where a cache-enabled user (retriever) of cache-size $M$ possesses side information in the form of full messages that are partially known to the databases. In this model, the user and the databases engage in a two-phase scheme, namely, the prefetching phase where the user acquires side information and the retrieval phase where the user downloads desired information. In the prefetching phase, the user receives $m_n$ full messages from the $n$th database, under the cache memory size constraint $\sum_{n=1}^N m_n \leq M$. In the retrieval phase, the user wishes to retrieve a message such that no individual database learns anything about the identity of the desired message. In addition, the identities of the side information messages that the user did not prefetch from a database must remain private against that database. Since the side information provided by each database in the prefetching phase is known by the providing database and the side information must be kept private against the remaining databases, we coin this model as \textit{partially known private side information}. We characterize the capacity of the PIR with partially known private side information to be $C=\left(1+\frac{1}{N}+\cdots+\frac{1}{N^{K-M-1}}\right)^{-1}=\frac{1-\frac{1}{N}}{1-(\frac{1}{N})^{K-M}}$. Interestingly, this result is the same if none of the databases knows any of the prefetched side information, i.e., when the side information is obtained externally, a problem posed by Kadhe et al. and settled by Chen-Wang-Jafar recently. Thus, our result implies that there is no loss in using the same databases for both prefetching and retrieval phases.Comment: Submitted to IEEE Transactions on Information Theory, November 201

Cache-Aided Private Information Retrieval with Partially Known Uncoded Prefetching: Fundamental Limits

We consider the problem of private information retrieval (PIR) from $N$ non-colluding and replicated databases, when the user is equipped with a cache that holds an uncoded fraction $r$ of the symbols from each of the $K$ stored messages in the databases. This model operates in a two-phase scheme, namely, the prefetching phase where the user acquires side information and the retrieval phase where the user privately downloads the desired message. In the prefetching phase, the user receives $\frac{r}{N}$ uncoded fraction of each message from the $n$th database. This side information is known only to the $n$th database and unknown to the remaining databases, i.e., the user possesses \emph{partially known} side information. We investigate the optimal normalized download cost $D^*(r)$ in the retrieval phase as a function of $K$, $N$, $r$. We develop lower and upper bounds for the optimal download cost. The bounds match in general for the cases of very low caching ratio ($r \leq \frac{1}{N^{K-1}}$) and very high caching ratio ($r \geq \frac{K-2}{N^2-3N+KN}$). We fully characterize the optimal download cost caching ratio tradeoff for $K=3$. For general $K$, $N$, and $r$, we show that the largest gap between the achievability and the converse bounds is $\frac{5}{32}$.Comment: Submitted for publication, December 2017. arXiv admin note: substantial text overlap with arXiv:1709.0105

Private Information Retrieval Through Wiretap Channel II: Privacy Meets Security

We consider the problem of private information retrieval through wiretap channel II (PIR-WTC-II). In PIR-WTC-II, a user wants to retrieve a single message (file) privately out of $M$ messages, which are stored in $N$ replicated and non-communicating databases. An external eavesdropper observes a fraction $\mu_n$ (of its choice) of the traffic exchanged between the $n$th database and the user. In addition to the privacy constraint, the databases should encode the returned answer strings such that the eavesdropper learns absolutely nothing about the \emph{contents} of the databases. We aim at characterizing the capacity of the PIR-WTC-II under the combined privacy and security constraints. We obtain a general upper bound for the problem in the form of a max-min optimization problem, which extends the converse proof of the PIR problem under asymmetric traffic constraints. We propose an achievability scheme that satisfies the security constraint by encoding a secret key, which is generated securely at each database, into an artificial noise vector using an MDS code. The user and the databases operate at one of the corner points of the achievable scheme for the PIR under asymmetric traffic constraints such that the retrieval rate is maximized under the imposed security constraint. The upper bound and the lower bound match for the case of $M=2$ and $M=3$ messages, for any $N$, and any $\boldsymbol{\mu}=(\mu_1, \cdots, \mu_N)$.Comment: Submitted to IEEE Transactions on Information Theory, January 201

Secure Private Information Retrieval from Colluding Databases with Eavesdroppers

The problem of private information retrieval (PIR) is to retrieve one message out of $K$ messages replicated at $N$ databases, without revealing the identity of the desired message to the databases. We consider the problem of PIR with colluding servers and eavesdroppers, named T-EPIR. Specifically, any $T$ out of $N$ databases may collude, i.e. they may communicate their interactions with the user to guess the identity of the requested message. An eavesdropper is curious to know the database and can tap in on the incoming and outgoing transmissions of any $E$ databases. The databases share some common randomness unknown to the eavesdropper and the user, and use the common randomness to generate the answers, such that the eavesdropper can learn no information about the $K$ messages. Define $R^*$ as the optimal ratio of the number of the desired message information bits to the number of total downloaded bits, and $\rho^*$ to be the optimal ratio of the information bits of the shared common randomness to the information bits of the desired file. In our previous work, we found that when $E \geq T$, the optimal ratio that can be achieved equals $1-\frac{E}{N}$. In this work, we focus on the case when $E \leq T$. We derive an outer bound $R^* \leq (1-\frac{T}{N}) \frac{1-\frac{E}{N} \cdot (\frac{T}{N})^{K-1}}{1-(\frac{T}{N})^K}$. We also obtain a lower bound of $\rho^* \geq \frac{\frac{E}{N}(1-(\frac{T}{N})^K)}{(1-\frac{T}{N})(1-\frac{E}{N} \cdot (\frac{T}{N})^{K-1})}$. For the achievability, we propose a scheme which achieves the rate (inner bound) $R=\frac{1-\frac{T}{N}}{1-(\frac{T}{N})^K}-\frac{E}{KN}$. The amount of shared common randomness used in the achievable scheme is $\frac{\frac{E}{N}(1-(\frac{T}{N})^K)}{1-\frac{T}{N}-\frac{E}{KN}(1-(\frac{T}{N})^K)}$ times the file size. The gap between the derived inner and outer bounds vanishes as the number of messages $K$ tends to infinity

The Capacity of Private Information Retrieval from Heterogeneous Uncoded Caching Databases

We consider private information retrieval (PIR) of a single file out of $K$ files from $N$ non-colluding databases with heterogeneous storage constraints $\mathbf{m}=(m_1, \cdots, m_N)$. The aim of this work is to jointly design the content placement phase and the information retrieval phase in order to minimize the download cost in the PIR phase. We characterize the optimal PIR download cost as a linear program. By analyzing the structure of the optimal solution of this linear program, we show that, surprisingly, the optimal download cost in our heterogeneous case matches its homogeneous counterpart where all databases have the same average storage constraint $\mu=\frac{1}{N} \sum_{n=1}^{N} m_n$. Thus, we show that there is no loss in the PIR capacity due to heterogeneity of storage spaces of the databases. We provide the optimum content placement explicitly for $N=3$.Comment: Submitted for publication, February 201

The Capacity of Private Information Retrieval with Private Side Information Under Storage Constraints

We consider the problem of private information retrieval (PIR) of a single message out of $K$ messages from $N$ replicated and non-colluding databases where a cache-enabled user (retriever) of cache-size $S$ possesses side information in the form of uncoded portions of the messages that are unknown to the databases. The identities of these side information messages need to be kept private from the databases, i.e., we consider PIR with private side information (PSI). We characterize the optimal normalized download cost for this PIR-PSI problem under the storage constraint $S$ as $D^*=1+\frac{1}{N}+\frac{1}{N^2}+\dots+\frac{1}{N^{K-1-M}}+\frac{1-r_M}{N^{K-M}}+\frac{1-r_{M-1}}{N^{K-M+1}}+\dots+\frac{1-r_1}{N^{K-1}}$, where $r_i$ is the portion of the $i$th side information message that is cached with $\sum_{i=1}^M r_i=S$. Based on this capacity result, we prove two facts: First, for a fixed memory size $S$ and a fixed number of accessible messages $M$, uniform caching achieves the lowest normalized download cost, i.e., $r_i=\frac{S}{M}$, for $i=1,\dots, M$, is optimum. Second, for a fixed memory size $S$, among all possible $K-\left \lceil{S} \right \rceil+1$ uniform caching schemes, the uniform caching scheme which caches $M=K$ messages achieves the lowest normalized download cost.Comment: Submitted for publication, June 201

The Capacity of Multi-round Private Information Retrieval from Byzantine Databases

In this work, we investigate the capacity of private information retrieval (PIR) from $N$ replicated databases, where a subset of the databases are untrustworthy (byzantine) in their answers to the query of the user. We allow for multi-round queries and demonstrate that the identities of the byzantine databases can be determined with a small additional download cost. As a result, the capacity of the multi-round PIR with byzantine databases (BPIR) reaches that of the robust PIR problem when the number of byzantine databases is less than the number of trustworthy databases.Comment: 8 pages, 2 figure