Query-Efficient Locally Decodable Codes of Subexponential Length

We develop the algebraic theory behind the constructions of Yekhanin (2008) and Efremenko (2009), in an attempt to understand the ``algebraic niceness'' phenomenon in $\mathbb{Z}_m$. We show that every integer $m = pq = 2^t -1$, where $p$, $q$ and $t$ are prime, possesses the same good algebraic property as $m=511$ that allows savings in query complexity. We identify 50 numbers of this form by computer search, which together with 511, are then applied to gain improvements on query complexity via Itoh and Suzuki's composition method. More precisely, we construct a $3^{\lceil r/2\rceil}$-query LDC for every positive integer $r<104$ and a $\left\lfloor (3/4)^{51}\cdot 2^{r}\right\rfloor$-query LDC for every integer $r\geq 104$, both of length $N_{r}$, improving the $2^r$ queries used by Efremenko (2009) and $3\cdot 2^{r-2}$ queries used by Itoh and Suzuki (2010). We also obtain new efficient private information retrieval (PIR) schemes from the new query-efficient LDCs.Comment: to appear in Computational Complexit

Communication-efficient distributed oblivious transfer

AbstractDistributed oblivious transfer (DOT) was introduced by Naor and Pinkas (2000) [31], and then generalized to (k,ℓ)-DOT-(n1) by Blundo et al. (2007) [8] and Nikov et al. (2002) [34]. In the generalized setting, a (k,ℓ)-DOT-(n1) allows a sender to communicate one of n secrets to a receiver with the help of ℓ servers. Specifically, the transfer task of the sender is distributed among ℓ servers and the receiver interacts with k out of the ℓ servers in order to retrieve the secret he is interested in. The DOT protocols we consider in this work are information-theoretically secure. The known (k,ℓ)-DOT-(n1) protocols require linear (in n) communication complexity between the receiver and servers. In this paper, we construct (k,ℓ)-DOT-(n1) protocols which only require sublinear (in n) communication complexity between the receiver and servers. Our constructions are based on information-theoretic private information retrieval. In particular, we obtain both a specific reduction from (k,ℓ)-DOT-(n1) to polynomial interpolation-based information-theoretic private information retrieval and a general reduction from (k,ℓ)-DOT-(n1) to any information-theoretic private information retrieval. The specific reduction yields (t,τ)-private (k,ℓ)-DOT-(n1) protocols of communication complexity O(n1/⌊(k−τ−1)/t⌋) between a semi-honest receiver and servers for any integers t and τ such that 1⩽t⩽k−1 and 0⩽τ⩽k−1−t. The general reduction yields (t,τ)-private (k,ℓ)-DOT-(n1) protocols which are as communication-efficient as the underlying private information retrieval protocols for any integers t and τ such that 1⩽t⩽k−2 and 0⩽τ⩽k−1−t

Limits of Preprocessing for Single-Server PIR

We present a lower bound for the static cryptographic data structure problem of single-server private information retrieval (PIR). PIR considers the setting where a server holds a database of $n$ entries and a client wishes to privately retrieve the $i$-th entry without revealing the index $i$ to the server. In our work, we focus on PIR with preprocessing where an $r$-bit hint may be computed in a preprocessing stage and stored by the server to be used to perform private queries in expected time $t$. We consider the public preprocessing setting of Beimel et al. [JoC, 2004] where the hint is publicly available to everyone including the adversary. We prove that for any single-server computationally secure PIR with preprocessing it must be that $tr = \Omega(n \log n)$ when $r = \Omega(\log n)$. If $r = O(\log n)$, we show that $t = \Omega(n)$. Our lower bound holds even when the scheme errs with probability $1/n^2$ and the adversary’s distinguishing advantage is $1/n$. Our work improves upon the $tr = \Omega(n)$ lower bound of Beimel et al. [JoC, 2004]. We prove our lower bound in a variant of the cell probe model where only accesses to the memory are charged cost and computation and accesses to the hint are free. Our main technical contribution is a novel use of the cell sampling technique (also known as the incompressibility technique) used to obtain lower bounds on data structures. In previous works, this technique only leveraged the correctness guarantees to prove lower bounds even when used for cryptographic primitives. Our work combines the cell sampling technique with the privacy guarantees of PIR to construct a powerful, polynomial-time adversary that is critical to proving our higher lower bounds

Private data base access schemes avoiding data distribution

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1997.Includes bibliographical references (p. 71-72).by Yael Gertner.M.Eng

Upper Bound on the Communication Complexity of Private Information Retrieval

We construct a scheme for private information retrieval with k databases and communication complexity O(n 1=(2k 1) ). 1 Introduction Much attention has been given to the problem of protecting a database from a user that tries to retrieve an information that he is not allowed to access[2, 8, 12]. In some scenarios, an opposite problem can appear: a user wishes to retrieve some infomation from a database without revealing to the database what information he needs. For example[7], an investor wishes to receive The author was supported by Latvia Science Council Grant 96.0282 and scholarship &quot;SWH Izgltbai, Zinatnei un Kulturai&quot; from Latvia Education Foundation 1 an information about a certain stock but he does not wish others (even the database) to know in which particular stock he is interested. However, there is only one way to reach a complete privacy: the user should ask for the copy of the entire database. Otherwise, the database will get some information what the use..