219 research outputs found
A Storage-Efficient and Robust Private Information Retrieval Scheme Allowing Few Servers
Since the concept of locally decodable codes was introduced by Katz and
Trevisan in 2000, it is well-known that information the-oretically secure
private information retrieval schemes can be built using locally decodable
codes. In this paper, we construct a Byzantine ro-bust PIR scheme using the
multiplicity codes introduced by Kopparty et al. Our main contributions are on
the one hand to avoid full replica-tion of the database on each server; this
significantly reduces the global redundancy. On the other hand, to have a much
lower locality in the PIR context than in the LDC context. This shows that
there exists two different notions: LDC-locality and PIR-locality. This is made
possible by exploiting geometric properties of multiplicity codes
Optimal non-perfect uniform secret sharing schemes
A secret sharing scheme is non-perfect if some subsets of participants that cannot recover the secret value have partial information about it. The information ratio of a secret sharing scheme is the ratio between the maximum length of the shares and the length of the secret. This work is dedicated to the search of bounds on the information ratio of non-perfect secret sharing schemes. To this end, we extend the known connections between polymatroids and perfect secret sharing schemes to the non-perfect case. In order to study non-perfect secret sharing schemes in all generality, we describe their structure through their access function, a real function that measures the amount of information that every subset of participants obtains about the secret value. We prove that there exists a secret sharing scheme for every access function. Uniform access functions, that is, the ones whose values depend only on the number of participants, generalize the threshold access structures. Our main result is to determine the optimal information ratio of the uniform access functions. Moreover, we present a construction of linear secret sharing schemes with optimal information ratio for the rational uniform access functions.Peer ReviewedPostprint (author's final draft
Distributed Private Heavy Hitters
In this paper, we give efficient algorithms and lower bounds for solving the
heavy hitters problem while preserving differential privacy in the fully
distributed local model. In this model, there are n parties, each of which
possesses a single element from a universe of size N. The heavy hitters problem
is to find the identity of the most common element shared amongst the n
parties. In the local model, there is no trusted database administrator, and so
the algorithm must interact with each of the parties separately, using a
differentially private protocol. We give tight information-theoretic upper and
lower bounds on the accuracy to which this problem can be solved in the local
model (giving a separation between the local model and the more common
centralized model of privacy), as well as computationally efficient algorithms
even in the case where the data universe N may be exponentially large
Improved Lower Bounds for Locally Decodable Codes and Private Information Retrieval
We prove new lower bounds for locally decodable codes and private information
retrieval. We show that a 2-query LDC encoding n-bit strings over an l-bit
alphabet, where the decoder only uses b bits of each queried position of the
codeword, needs code length m = exp(Omega(n/(2^b Sum_{i=0}^b {l choose i})))
Similarly, a 2-server PIR scheme with an n-bit database and t-bit queries,
where the user only needs b bits from each of the two l-bit answers, unknown to
the servers, satisfies t = Omega(n/(2^b Sum_{i=0}^b {l choose i})). This
implies that several known PIR schemes are close to optimal. Our results
generalize those of Goldreich et al. who proved roughly the same bounds for
linear LDCs and PIRs. Like earlier work by Kerenidis and de Wolf, our classical
lower bounds are proved using quantum computational techniques. In particular,
we give a tight analysis of how well a 2-input function can be computed from a
quantum superposition of both inputs.Comment: 12 pages LaTeX, To appear in ICALP '0
Fourier-based Function Secret Sharing with General Access Structure
Function secret sharing (FSS) scheme is a mechanism that calculates a
function f(x) for x in {0,1}^n which is shared among p parties, by using
distributed functions f_i:{0,1}^n -> G, where G is an Abelian group, while the
function f:{0,1}^n -> G is kept secret to the parties. Ohsawa et al. in 2017
observed that any function f can be described as a linear combination of the
basis functions by regarding the function space as a vector space of dimension
2^n and gave new FSS schemes based on the Fourier basis. All existing FSS
schemes are of (p,p)-threshold type. That is, to compute f(x), we have to
collect f_i(x) for all the distributed functions. In this paper, as in the
secret sharing schemes, we consider FSS schemes with any general access
structure. To do this, we observe that Fourier-based FSS schemes by Ohsawa et
al. are compatible with linear secret sharing scheme. By incorporating the
techniques of linear secret sharing with any general access structure into the
Fourier-based FSS schemes, we show Fourier-based FSS schemes with any general
access structure.Comment: 12 page
On the optimization of bipartite secret sharing schemes
Optimizing the ratio between the maximum length of the shares and the length of the secret value in secret sharing schemes for general access structures is an extremely difficult and long-standing open problem. In this paper, we study it for bipartite access structures, in which the set of participants
is divided in two parts, and all participants in each part play an equivalent role. We focus on the search of lower bounds by using a special class of polymatroids that is introduced here, the bipartite ones. We present a method based on linear programming to compute, for every given bipartite access structure, the best lower bound that can be obtained by this combinatorial method. In addition, we obtain some general lower bounds that improve the previously known ones, and we construct optimal secret sharing schemes for a family of bipartite access structures.Postprint (author’s final draft
Complexity of Equivalence and Learning for Multiplicity Tree Automata
We consider the complexity of equivalence and learning for multiplicity tree
automata, i.e., weighted tree automata over a field. We first show that the
equivalence problem is logspace equivalent to polynomial identity testing, the
complexity of which is a longstanding open problem. Secondly, we derive lower
bounds on the number of queries needed to learn multiplicity tree automata in
Angluin's exact learning model, over both arbitrary and fixed fields.
Habrard and Oncina (2006) give an exact learning algorithm for multiplicity
tree automata, in which the number of queries is proportional to the size of
the target automaton and the size of a largest counterexample, represented as a
tree, that is returned by the Teacher. However, the smallest
tree-counterexample may be exponential in the size of the target automaton.
Thus the above algorithm does not run in time polynomial in the size of the
target automaton, and has query complexity exponential in the lower bound.
Assuming a Teacher that returns minimal DAG representations of
counterexamples, we give a new exact learning algorithm whose query complexity
is quadratic in the target automaton size, almost matching the lower bound, and
improving the best previously-known algorithm by an exponential factor
2-Server PIR with sub-polynomial communication
A 2-server Private Information Retrieval (PIR) scheme allows a user to
retrieve the th bit of an -bit database replicated among two servers
(which do not communicate) while not revealing any information about to
either server. In this work we construct a 1-round 2-server PIR with total
communication cost . This improves over the
currently known 2-server protocols which require communication and
matches the communication cost of known 3-server PIR schemes. Our improvement
comes from reducing the number of servers in existing protocols, based on
Matching Vector Codes, from 3 or 4 servers to 2. This is achieved by viewing
these protocols in an algebraic way (using polynomial interpolation) and
extending them using partial derivatives
Concentrated Differential Privacy: Simplifications, Extensions, and Lower Bounds
"Concentrated differential privacy" was recently introduced by Dwork and
Rothblum as a relaxation of differential privacy, which permits sharper
analyses of many privacy-preserving computations. We present an alternative
formulation of the concept of concentrated differential privacy in terms of the
Renyi divergence between the distributions obtained by running an algorithm on
neighboring inputs. With this reformulation in hand, we prove sharper
quantitative results, establish lower bounds, and raise a few new questions. We
also unify this approach with approximate differential privacy by giving an
appropriate definition of "approximate concentrated differential privacy.
The Complexity of Multiparty PSM Protocols and Related Models
We study the efficiency of computing arbitrary k-argument functions in the Private Simultaneous Messages (PSM) model of (Feige et al. STOC\u2794, Ishai and Kushilevitz ISTCS\u2797). This question was recently studied by (Beimel et al. TCC\u2714), in the two-party case (k = 2). We tackle this question in the general case of PSM protocols for k > 2 parties. Our motivation is two-fold: On one hand, there are various applications (old and new) of PSM protocols for constructing other cryptographic primitives, where obtaining more efficient PSM protocols imply more efficient primitives. On the other hand, improved PSM protocols are an interesting goal on its own. In particular, we pay a careful attention to the case of small number of parties (e.g., k = 3,4, 5), which may be especially interesting in practice, and optimize our protocols for those cases.
Our new upper bounds include a k-party PSM protocol, for any k > 2 and any function f : [N]^k --> {0; 1}, of complexity O(poly(k) N^{k/2}) (compared to the previous upper bound of O(poly(k) N^{k-1})), and even better bounds for small values of k; e.g., an O(N) PSM protocol for the case k = 3. We also handle the more involved case where different parties have inputs of different sizes, which is useful both in practice and for applications.
As applications, we obtain more efficient Non-Interactive secure Multi-Party (NIMPC) protocols (a variant of PSM, where some of the parties may collude with the referee (Beimel et al. CRYPTO\u2714)), improved ad-hoc PSM protocols (another variant of PSM, where the subset of participating parties is not known in advance (Beimel et al. ITCS\u2716, Beimel et al. EUROCRYPT\u2717)), secret-sharing schemes for strongly-homogeneous access structures with smaller share size than previously known, and better homogeneous distribution designs (Beimel et al. ITCS\u2716), a primitive with many cryptographic applications on its own
- …