Verifiable Coded Computation of Multiple Functions

We consider the problem of evaluating distinct multivariate polynomials over several massive datasets in a distributed computing system with a single master node and multiple worker nodes. We focus on the general case when each multivariate polynomial is evaluated over its corresponding dataset and propose a generalization of the Lagrange Coded Computing framework (Yu et al. 2019) to perform all computations simultaneously while providing robustness against stragglers who do not respond in time, adversarial workers who respond with wrong computation and information-theoretic security of dataset against colluding workers. Our scheme introduces a small computation overhead which results in a reduction in download cost and also offers comparable resistance to stragglers over existing solutions. On top of it, we also propose two verification schemes to detect the presence of adversaries, which leads to incorrect results, without involving additional nodes.Comment: 13 pages, 1 figure, 2 table

Explicit Low-Bandwidth Evaluation Schemes for Weighted Sums of Reed-Solomon-Coded Symbols

Motivated by applications in distributed storage, distributed computing, and homomorphic secret sharing, we study communication-efficient schemes for computing linear combinations of coded symbols. Specifically, we design low-bandwidth schemes that evaluate the weighted sum of $\ell$ coded symbols in a codeword $\pmb{c}\in\mathbb{F}^n$, when we are given access to $d$ of the remaining components in $\pmb{c}$. Formally, suppose that $\mathbb{F}$ is a field extension of $\mathbb{B}$ of degree $t$. Let $\pmb{c}$ be a codeword in a Reed-Solomon code of dimension $k$ and our task is to compute the weighted sum of $\ell$ coded symbols. In this paper, for some $s<t$, we provide an explicit scheme that performs this task by downloading $d(t-s)$ sub-symbols in $\mathbb{B}$ from $d$ available nodes, whenever $d\geq \ell|\mathbb{B}|^s-\ell+k$. In many cases, our scheme outperforms previous schemes in the literature. Furthermore, we provide a characterization of evaluation schemes for general linear codes. Then in the special case of Reed-Solomon codes, we use this characterization to derive a lower bound for the evaluation bandwidth.Comment: 23 pages, 2 figure

Committed Private Information Retrieval

A private information retrieval (PIR) scheme allows a client to retrieve a data item $x_i$ among $n$ items $x_1,x_2,\ldots,x_n$ from $k$ servers, without revealing what $i$ is even when $t < k$ servers collude and try to learn $i$. Such a PIR scheme is said to be $t$-private. A PIR scheme is $v$-verifiable if the client can verify the correctness of the retrieved $x_i$ even when $v \leq k$ servers collude and try to fool the client by sending manipulated data. Most of the previous works in the literature on PIR assumed that $v < k$, leaving the case of all-colluding servers open. We propose a generic construction that combines a linear map commitment (LMC) and an arbitrary linear PIR scheme to produce a $k$-verifiable PIR scheme, termed a committed PIR scheme. Such a scheme guarantees that even in the worst scenario, when all servers are under the control of an attacker, although the privacy is unavoidably lost, the client won't be fooled into accepting an incorrect $x_i$. We demonstrate the practicality of our proposal by implementing the committed PIR schemes based on the Lai-Malavolta LMC and three well-known PIR schemes using the GMP library and blst, the current fastest C library for elliptic curve pairings.Comment: Accepted at ESORICS 202

Coded computation of multiple functions

We consider the problem of evaluating arbitrary multivariate polynomials over several massive datasets in a distributed computing system with a single master node and multiple worker nodes. We focus on the general case when each multivariate polynomial is evaluated over its dataset and propose a generalization of the Lagrange Coded Computing framework (Yu et al. 2019) to provide robustness against stragglers who do not respond in time, adversarial workers who respond with wrong computation and information-theoretic security of dataset against colluding workers. Our scheme introduces a small computation overhead which results in a reduction in download cost and also offers comparable resistance to stragglers over existing solutions.Ministry of Education (MOE)National Research Foundation (NRF)Submitted/Accepted versionThis research / project is supported by the National Research Foundation, Singapore under its Strategic Capability Research Centres Funding Initiative, and Singapore Ministry of Education Academic Research Fund Tier 2 Grants MOE2019-T2-2- 083 and MOE-T2EP20121-0007

Information-theoretic problems of DNA-based storage systems

International audienceCurrently, we witness an explosive growth in the amount of information produced by humanity. This raises new fundamental problems of its efficient storage and processing. Commonly used magnetic, optical, and semiconductor information storage devices have several drawbacks related to small information density and limited durability. One of the promising novel approaches to solving these problems is DNA-based data storage. Purpose: An overview of modern DNA-based storage systems and related information-theoretic problems. Results: The current state of the art of DNA-based storage systems is reviewed. Types of errors occurring in them as well as corresponding error-correcting codes are analysed. The disadvantages of these codes are shown, and possible pathways for improvement are mentioned. Proposed information-theoretic models of DNA-based storage systems are analysed, and their limitation highlighted. In conclusion, main obstacles to practical implementation of DNA-based storage systems are formulated, which can be potentially overcome using information-theoretic methods considered in this overview.Введение: взрывной рост объемов производимой человечеством информации ставит новые фундаментальные задачи, связанные с ее эффективным хранением и доступом к ней. Широко используемые при этом магнитные, оптические и полупроводниковые устройства хранения имеют ряд существенных недостатков, связанных, прежде всего, с ограничениями на объем и долговечность хранения. Одной из возможных альтернатив, активно исследуемой в последние годы, является хранение данных с помощью молекул ДНК. Цель: обзор текущего состояния методов хранения информации с помощью молекул ДНК и связанных теоретико-информационных проблем. Результаты: сделан обзор современного состояния дел в разработке систем ДНК-памяти. Проведен анализ типов ошибок, возникающих в таких системах, и корректирующих кодов для выявления и исправления этих ошибок. Показаны недостатки предложенных на сегодня кодов и указаны возможные направления их улучшения. Приведен анализ существующих теоретико-информационных моделей каналов для систем ДНК-памяти и присущих им ограничений. В заключении обзора сформулированы основные проблемы на пути создания практических систем ДНК-памяти, решению которых послужит дальнейшее развитие теоретико-информационных методов, рассмотренных в настоящем обзоре. Ключевые слова-системы хранения информации, ДНК-память, каналы передачи информации, пропускная способность канала, ошибки замены, ошибки вставки, ошибки выпадения

Two-Server Private Information Retrieval with Optimized Download Rate and Result Verification

Private Information Retrieval (PIR) schemes allow a client to retrieve any file of interest, while hiding the file identity from the database servers. In contrast to most existing PIR schemes that assume honest-but-curious servers, we study the case of dishonest servers. The latter provide incorrect answers and try to persuade the client to output the wrong result. We introduce several PIR schemes with information-theoretic privacy and result verification for the case of two servers. Security guarantees can be information-theoretical or computational, and the verification keys can be public or private. In this work, our main performance metric is the download rate.Comment: Accepted to IEEE International Symposium on Information Theory 202