The Capacity of Private Information Retrieval from Byzantine and Colluding Databases

We consider the problem of single-round private information retrieval (PIR) from $N$ replicated databases. We consider the case when $B$ databases are outdated (unsynchronized), or even worse, adversarial (Byzantine), and therefore, can return incorrect answers. In the PIR problem with Byzantine databases (BPIR), a user wishes to retrieve a specific message from a set of $M$ messages with zero-error, irrespective of the actions performed by the Byzantine databases. We consider the $T$-privacy constraint in this paper, where any $T$ databases can collude, and exchange the queries submitted by the user. We derive the information-theoretic capacity of this problem, which is the maximum number of \emph{correct symbols} that can be retrieved privately (under the $T$-privacy constraint) for every symbol of the downloaded data. We determine the exact BPIR capacity to be $C=\frac{N-2B}{N}\cdot\frac{1-\frac{T}{N-2B}}{1-(\frac{T}{N-2B})^M}$, if $2B+T < N$. This capacity expression shows that the effect of Byzantine databases on the retrieval rate is equivalent to removing $2B$ databases from the system, with a penalty factor of $\frac{N-2B}{N}$, which signifies that even though the number of databases needed for PIR is effectively $N-2B$, the user still needs to access the entire $N$ databases. The result shows that for the unsynchronized PIR problem, if the user does not have any knowledge about the fraction of the messages that are mis-synchronized, the single-round capacity is the same as the BPIR capacity. Our achievable scheme extends the optimal achievable scheme for the robust PIR (RPIR) problem to correct the \emph{errors} introduced by the Byzantine databases as opposed to \emph{erasures} in the RPIR problem. Our converse proof uses the idea of the cut-set bound in the network coding problem against adversarial nodes.Comment: Submitted to IEEE Transactions on Information Theory, June 201

Private Information Retrieval from MDS Coded Databases with Colluding Servers under Several Variant Models

Private information retrieval (PIR) gets renewed attentions due to its information-theoretic reformulation and its application in distributed storage system (DSS). The general PIR model considers a coded database containing $N$ servers storing $M$ files. Each file is stored independently via the same arbitrary $(N,K)$-MDS code. A user wants to retrieve a specific file from the database privately against an arbitrary set of $T$ colluding servers. A key problem is to analyze the PIR capacity, defined as the maximal number of bits privately retrieved per one downloaded bit. Several extensions for the general model appear by bringing in various additional constraints. In this paper, we propose a general PIR scheme for several variant PIR models including: PIR with robust servers, PIR with Byzantine servers, the multi-file PIR model and PIR with arbitrary collusion patterns.Comment: The current draft is extended by considering several PIR models. The original version named "Multi-file Private Information Retrieval from MDS Coded Databases with Colluding Servers" is abridged into a section within the current draft. arXiv admin note: text overlap with arXiv:1704.0678

The Capacity of Multi-round Private Information Retrieval from Byzantine Databases

In this work, we investigate the capacity of private information retrieval (PIR) from $N$ replicated databases, where a subset of the databases are untrustworthy (byzantine) in their answers to the query of the user. We allow for multi-round queries and demonstrate that the identities of the byzantine databases can be determined with a small additional download cost. As a result, the capacity of the multi-round PIR with byzantine databases (BPIR) reaches that of the robust PIR problem when the number of byzantine databases is less than the number of trustworthy databases.Comment: 8 pages, 2 figure

Secure Symmetric Private Information Retrieval from Colluding Databases with Adversaries

The problem of symmetric private information retrieval (SPIR) from replicated databases with colluding servers and adversaries is studied. Specifically, the database comprises $K$ files, which are replicatively stored among $N$ servers. A user wants to retrieve one file from the database by communicating with the $N$ servers, without revealing the identity of the desired file to any server. Furthermore, the user shall learn nothing about the other $K-1$ files. Any $T$ out of $N$ servers may collude, that is, they may communicate their interactions with the user to guess the identity of the requested file. An adversary in the system can tap in on or even try to corrupt the communication. Three types of adversaries are considered: a Byzantine adversary who can overwrite the transmission of any $B$ servers to the user; a passive eavesdropper who can tap in on the incoming and outgoing transmissions of any $E$ servers; and a combination of both -- an adversary who can tap in on a set of any $E$ nodes, and overwrite the transmission of a set of any $B$ nodes. The problems of SPIR with colluding servers and the three types of adversaries are named T-BSPIR, T-ESPIR and T-BESPIR respectively. The capacity of the problem is defined as the maximum number of information bits of the desired file retrieved per downloaded bit. We show that the information-theoretical capacity of T-BSPIR equals $1-\frac{2B+T}{N}$, if the servers share common randomness (unavailable at the user) with amount at least $\frac{2B+T}{N-2B-T}$ times the file size. Otherwise, the capacity equals zero. The capacity of T-ESPIR is proved to equal $1-\frac{\max(T,E)}{N}$, with common randomness at least $\frac{\max(T,E)}{N-\max(T,E)}$ times the file size. Finally, the capacity of T-BESPIR is proved to be $1-\frac{2B+\max(T,E)}{N}$, with common randomness at least $\frac{2B+\max(T,E)}{N-2B-\max(T,E)}$ times the file size

Towards the Capacity of Private Information Retrieval from Coded and Colluding Servers

In this work, two practical concepts related to private information retrieval (PIR) are introduced and coined full support-rank PIR and strongly linear PIR. Being of full support-rank is a technical, yet natural condition required to prove a converse result for a capacity expression and satisfied by almost all currently known capacity-achieving schemes, while strong linearity is a practical requirement enabling implementation over small finite fields with low subpacketization degree. Then, the capacity of MDS-coded, linear, full support-rank PIR in the presence of colluding servers is derived, as well as the capacity of symmetric, linear PIR with colluding, adversarial, and nonresponsive servers for the recently introduced concept of matched randomness. This positively settles the capacity conjectures stated by Freij-Hollanti et al. and Tajeddine et al. in the presented cases. It is also shown that, further restricting to strongly-linear PIR schemes with deterministic linear interference cancellation, the so-called star product scheme proposed by Freij-Hollanti et al. is essentially optimal and induces no capacity loss

Privacy-Preserving Smart Parking System Using Blockchain and Private Information Retrieval

Searching for available parking spaces is a major problem for drivers especially in big crowded cities, causing traffic congestion and air pollution, and wasting drivers' time. Smart parking systems are a novel solution to enable drivers to have real-time parking information for pre-booking. However, current smart parking requires drivers to disclose their private information, such as desired destinations. Moreover, the existing schemes are centralized and vulnerable to the bottleneck of the single point of failure and data breaches. In this paper, we propose a distributed privacy-preserving smart parking system using blockchain. A consortium blockchain created by different parking lot owners to ensure security, transparency, and availability is proposed to store their parking offers on the blockchain. To preserve drivers' location privacy, we adopt a private information retrieval (PIR) technique to enable drivers to retrieve parking offers from blockchain nodes privately, without revealing which parking offers are retrieved. Furthermore, a short randomizable signature is used to enable drivers to reserve available parking slots in an anonymous manner. Besides, we introduce an anonymous payment system that cannot link drivers' to specific parking locations. Finally, our performance evaluations demonstrate that the proposed scheme can preserve drivers' privacy with low communication and computation overhead

The Capacity of Cache Aided Private Information Retrieval

The problem of cache enabled private information retrieval (PIR) is considered in which a user wishes to privately retrieve one out of $K$ messages, each of size $L$ bits from $N$ distributed databases. The user has a local cache of storage $SL$ bits which can be used to store any function of the $K$ messages. The main contribution of this work is the exact characterization of the capacity of cache aided PIR as a function of the storage parameter $S$. In particular, for a given cache storage parameter $S$, the information-theoretically optimal download cost $D^{*}(S)/L$ (or the inverse of capacity) is shown to be equal to $(1- \frac{S}{K})\left(1+ \frac{1}{N}+ \ldots + \frac{1}{N^{K-1}}\right)$. Special cases of this result correspond to the settings when $S=0$, for which the optimal download cost was shown by Sun and Jafar to be $\left(1+ \frac{1}{N}+ \ldots + \frac{1}{N^{K-1}}\right)$, and the case when $S=K$, i.e., cache size is large enough to store all messages locally, for which the optimal download cost is $0$. The intermediate points $S\in (0, K)$ can be readily achieved through a simple memory-sharing based PIR scheme. The key technical contribution of this work is the converse, i.e., a lower bound on the download cost as a function of storage $S$ which shows that memory sharing is information-theoretically optimal

Secure Private Information Retrieval from Colluding Databases with Eavesdroppers

The problem of private information retrieval (PIR) is to retrieve one message out of $K$ messages replicated at $N$ databases, without revealing the identity of the desired message to the databases. We consider the problem of PIR with colluding servers and eavesdroppers, named T-EPIR. Specifically, any $T$ out of $N$ databases may collude, i.e. they may communicate their interactions with the user to guess the identity of the requested message. An eavesdropper is curious to know the database and can tap in on the incoming and outgoing transmissions of any $E$ databases. The databases share some common randomness unknown to the eavesdropper and the user, and use the common randomness to generate the answers, such that the eavesdropper can learn no information about the $K$ messages. Define $R^*$ as the optimal ratio of the number of the desired message information bits to the number of total downloaded bits, and $\rho^*$ to be the optimal ratio of the information bits of the shared common randomness to the information bits of the desired file. In our previous work, we found that when $E \geq T$, the optimal ratio that can be achieved equals $1-\frac{E}{N}$. In this work, we focus on the case when $E \leq T$. We derive an outer bound $R^* \leq (1-\frac{T}{N}) \frac{1-\frac{E}{N} \cdot (\frac{T}{N})^{K-1}}{1-(\frac{T}{N})^K}$. We also obtain a lower bound of $\rho^* \geq \frac{\frac{E}{N}(1-(\frac{T}{N})^K)}{(1-\frac{T}{N})(1-\frac{E}{N} \cdot (\frac{T}{N})^{K-1})}$. For the achievability, we propose a scheme which achieves the rate (inner bound) $R=\frac{1-\frac{T}{N}}{1-(\frac{T}{N})^K}-\frac{E}{KN}$. The amount of shared common randomness used in the achievable scheme is $\frac{\frac{E}{N}(1-(\frac{T}{N})^K)}{1-\frac{T}{N}-\frac{E}{KN}(1-(\frac{T}{N})^K)}$ times the file size. The gap between the derived inner and outer bounds vanishes as the number of messages $K$ tends to infinity

The ϵ\epsilon-error Capacity of Symmetric PIR with Byzantine Adversaries

The capacity of symmetric private information retrieval with $K$ messages, $N$ servers (out of which any $T$ may collude), and an omniscient Byzantine adversary (who can corrupt any $B$ answers) is shown to be $1 - \frac{T+2B}{N}$ [1], under the requirement of zero probability of error. In this work, we show that by weakening the adversary slightly (either providing secret low rate channels between the servers and the user, or limiting the observation of the adversary), and allowing vanishing probability of error, the capacity increases to $1 - \frac{T+B}{N}$.Comment: Part of this paper will be presented in 2018 IEEE Information Theory Workshop (ITW

Private Information Retrieval from Storage Constrained Databases -- Coded Caching meets PIR

Private information retrieval (PIR) allows a user to retrieve a desired message out of $K$ possible messages from $N$ databases without revealing the identity of the desired message. Majority of existing works on PIR assume the presence of replicated databases, each storing all the $K$ messages. In this work, we consider the problem of PIR from storage constrained databases. Each database has a storage capacity of $\mu KL$ bits, where $K$ is the number of messages, $L$ is the size of each message in bits, and $\mu \in [1/N, 1]$ is the normalized storage. In the storage constrained PIR problem, there are two key design questions: a) how to store content across each database under storage constraints; and b) construction of schemes that allow efficient PIR through storage constrained databases. The main contribution of this work is a general achievable scheme for PIR from storage constrained databases for any value of storage. In particular, for any $(N,K)$, with normalized storage $\mu= t/N$, where the parameter $t$ can take integer values $t \in \{1, 2, \ldots, N\}$, we show that our proposed PIR scheme achieves a download cost of $\left(1+ \frac{1}{t}+ \frac{1}{t^{2}}+ \cdots + \frac{1}{t^{K-1}}\right)$. The extreme case when $\mu=1$ (i.e., $t=N$) corresponds to the setting of replicated databases with full storage. For this extremal setting, our scheme recovers the information-theoretically optimal download cost characterized by Sun and Jafar as $\left(1+ \frac{1}{N}+ \cdots + \frac{1}{N^{K-1}}\right)$. For the other extreme, when $\mu= 1/N$ (i.e., $t=1$), the proposed scheme achieves a download cost of $K$. The interesting aspect of the result is that for intermediate values of storage, i.e., $1/N < \mu <1$, the proposed scheme can strictly outperform memory-sharing between extreme values of storage