The Capacity of Private Information Retrieval with Eavesdroppers

We consider the problem of private information retrieval (PIR) with colluding servers and eavesdroppers (abbreviated as ETPIR). The ETPIR problem is comprised of $K$ messages, $N$ servers where each server stores all $K$ messages, a user who wants to retrieve one of the $K$ messages without revealing the desired message index to any set of $T$ colluding servers, and an eavesdropper who can listen to the queries and answers of any $E$ servers but is prevented from learning any information about the messages. The information theoretic capacity of ETPIR is defined to be the maximum number of desired message symbols retrieved privately per information symbol downloaded. We show that the capacity of ETPIR is $C = \left( 1- \frac{E}{N} \right) \left(1 + \frac{T-E}{N-E} + \cdots + \left( \frac{T-E}{N-E} \right)^{K-1} \right)^{-1}$ when $E < T$, and $C = \left( 1 - \frac{E}{N} \right)$ when $E \geq T$. To achieve the capacity, the servers need to share a common random variable (independent of the messages), and its size must be at least $\frac{E}{N} \cdot \frac{1}{C}$ symbols per message symbol. Otherwise, with less amount of shared common randomness, ETPIR is not feasible and the capacity reduces to zero. An interesting observation is that the ETPIR capacity expression takes different forms in two regimes. When $E < T$, the capacity equals the inverse of a sum of a geometric series with $K$ terms and decreases with $K$; this form is typical for capacity expressions of PIR. When $E \geq T$, the capacity does not depend on $K$, a typical form for capacity expressions of SPIR (symmetric PIR, which further requires data-privacy, {\it i.e.,} the user learns no information about other undesired messages); the capacity does not depend on $T$ either. In addition, the ETPIR capacity result includes multiple previous PIR and SPIR capacity results as special cases

Quantum Symmetric Private Information Retrieval with Secure Storage and Eavesdroppers

We consider both the classical and quantum variations of $X$-secure, $E$-eavesdropped and $T$-colluding symmetric private information retrieval (SPIR). This is the first work to study SPIR with $X$-security in classical or quantum variations. We first develop a scheme for classical $X$-secure, $E$-eavesdropped and $T$-colluding SPIR (XSETSPIR) based on a modified version of cross subspace alignment (CSA), which achieves a rate of $R= 1 - \frac{X+\max(T,E)}{N}$. The modified scheme achieves the same rate as the scheme used for $X$-secure PIR with the extra benefit of symmetric privacy. Next, we extend this scheme to its quantum counterpart based on the $N$-sum box abstraction. This is the first work to consider the presence of eavesdroppers in quantum private information retrieval (QPIR). In the quantum variation, the eavesdroppers have better access to information over the quantum channel compared to the classical channel due to the over-the-air decodability. To that end, we develop another scheme specialized to combat eavesdroppers over quantum channels. The scheme proposed for $X$-secure, $E$-eavesdropped and $T$-colluding quantum SPIR (XSETQSPIR) in this work maintains the super-dense coding gain from the shared entanglement between the databases, i.e., achieves a rate of $R_Q = \min\left\{ 1, 2\left(1-\frac{X+\max(T,E)}{N}\right)\right\}$

Double Blind TT-Private Information Retrieval

Double blind $T$-private information retrieval (DB-TPIR) enables two users, each of whom specifies an index ($\theta_1, \theta_2$, resp.), to efficiently retrieve a message $W(\theta_1,\theta_2)$ labeled by the two indices, from a set of $N$ servers that store all messages $W(k_1,k_2), k_1\in\{1,2,\cdots,K_1\}, k_2\in\{1,2,\cdots,K_2\}$, such that the two users' indices are kept private from any set of up to $T_1,T_2$ colluding servers, respectively, as well as from each other. A DB-TPIR scheme based on cross-subspace alignment is proposed in this paper, and shown to be capacity-achieving in the asymptotic setting of large number of messages and bounded latency. The scheme is then extended to $M$-way blind $X$-secure $T$-private information retrieval (MB-XS-TPIR) with multiple ($M$) indices, each belonging to a different user, arbitrary privacy levels for each index ($T_1, T_2,\cdots, T_M$), and arbitrary level of security ($X$) of data storage, so that the message $W(\theta_1,\theta_2,\cdots, \theta_M)$ can be efficiently retrieved while the stored data is held secure against collusion among up to $X$ colluding servers, the $m^{th}$ user's index is private against collusion among up to $T_m$ servers, and each user's index $\theta_m$ is private from all other users. The general scheme relies on a tensor-product based extension of cross-subspace alignment and retrieves $1-(X+T_1+\cdots+T_M)/N$ bits of desired message per bit of download.Comment: Accepted for publication in IEEE Journal on Selected Areas in Information Theory (JSAIT

The Asymptotic Capacity of XX-Secure TT-Private Linear Computation with Graph Based Replicated Storage

The problem of $X$-secure $T$-private linear computation with graph based replicated storage (GXSTPLC) is to enable the user to retrieve a linear combination of messages privately from a set of $N$ distributed servers where every message is only allowed to store among a subset of servers subject to an $X$-security constraint, i.e., any groups of up to $X$ colluding servers must reveal nothing about the messages. Besides, any groups of up to $T$ servers cannot learn anything about the coefficients of the linear combination retrieved by the user. In this work, we completely characterize the asymptotic capacity of GXSTPLC, i.e., the supremum of average number of desired symbols retrieved per downloaded symbol, in the limit as the number of messages $K$ approaches infinity. Specifically, it is shown that a prior linear programming based upper bound on the asymptotic capacity of GXSTPLC due to Jia and Jafar is tight by constructing achievability schemes. Notably, our achievability scheme also settles the exact capacity (i.e., for finite $K$) of $X$-secure linear combination with graph based replicated storage (GXSLC). Our achievability proof builds upon an achievability scheme for a closely related problem named asymmetric $\mathbf{X}$-secure $\mathbf{T}$-private linear computation with graph based replicated storage (Asymm-GXSTPLC) that guarantees non-uniform security and privacy levels across messages and coefficients. In particular, by carefully designing Asymm-GXSTPLC settings for GXSTPLC problems, the corresponding Asymm-GXSTPLC schemes can be reduced to asymptotic capacity achieving schemes for GXSTPLC. In regard to the achievability scheme for Asymm-GXSTPLC, interesting aspects of our construction include a novel query and answer design which makes use of a Vandermonde decomposition of Cauchy matrices, and a trade-off among message replication, security and privacy thresholds.Comment: 39 pages, 2 figure