One-way trapdoor permutations are sufficient for nontrivial single-server private information retrieval (2000)

by E Kushilevitz, R Ostrovsky
Venue: Proc. Eurocrypt’00

Results 1 - 10 of 25

Public Key Encryption with Keyword Search

by Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky, Giuseppe Persiano
Cited by 383 (12 self)

Reducing the servers' computation in private information retrieval: PIR with preprocessing

by Amos Beimel, Yuval Ishai, Tal Malkin - In CRYPTO 2000, 2000
Cited by 56 (8 self)
Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols with sub-linear communication were suggested. However, in all these protocols the servers’ computation for each retrieval is at least linear in the size of entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the model of PIR with preprocessing: Before the execution of the protocol each server may compute and store polynomially-many information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant $k \ge 2$, a $k$-server protocol with $O(n^{1/(2k-1)})$ communication and $O(n / \log^{2k-2} n)$ work, and for any constants $k \ge 2$ and $\epsilon > 0$ a $k$-server protocol with $O(n^{1/k+\epsilon})$ communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an off-line stage.

Citation Context

...ome index $i$ and is interested in privately retrieving the value of $x_i$. Since its introduction, PIR has been an area of active research, and various settings and extensions have been considered (e.g., [2, 25, 10, 20, 18, 17, 14, 9, 8, 19, 15, 21, 1]). Most of the initial work on PIR has focused on the goal of minimizing the communication, which was considered the most expensive resource. However, despite considerable success in realizing this go...

Private Searching On Streaming Data

by Rafail Ostrovsky, William E. Skeith III, 2007
Cited by 45 (1 self)
In this paper, we consider the problem of private searching on streaming data, where we can efficiently implement searching for documents that satisfy a secret criteria (such as presence or absence of a hidden combination of hidden keywords) under various cryptographic assumptions. Our results can be viewed in a variety of ways: as a generalization of the notion of Private Information Retrieval (to more general queries and to a streaming environment); as positive results on privacy-preserving datamining; and as a delegation of hidden program computation to other machines.

A survey on private information retrieval

by William Gasarch - Bulletin of the EATCS, 2004
Cited by 44 (1 self)
Alice wants to query a database but she does not want the database to learn what she is querying. She can ask for the entire database. Can she get her query answered with less communication? One model of this problem is Private Information Retrieval, henceforth PIR. We survey results obtained about the PIR model including partial answers to the following questions. (1) What if there are k non-communicating copies of the database but they are computationally unbounded? (2) What if there is only one copy of the database and it is computationally bounded?

Citation Context

...n there is a 1-DB probabilistic scheme that uses $O((\lg n)^a)$ bits, where $a$ depends on how hard the φ-hiding problem is. (The φ-hiding problem was first defined in [17].) 7. Kushilevitz and Ostrovsky [47] show that if there exist one-way permutations with a trapdoor then there is a 1-DB scheme that uses n − o(n)-bits. 8. Beimel et al. [11] showed that 9. Di-Crescenzo et al. [53] showed that if there i...

Finding collisions in interactive protocols – A tight lower bound on the round complexity of statistically-hiding commitments

by Iftach Haitner, Jonathan J. Hoch, Omer Reingold, Gil Segev - In Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science, 2007
Cited by 42 (13 self)
We study the round complexity of various cryptographic protocols. Our main result is a tight lower bound on the round complexity of any fully-black-box construction of a statistically-hiding commitment scheme from one-way permutations, and even from trapdoor permutations. This lower bound matches the round complexity of the statistically-hiding commitment scheme due to Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ’92). As a corollary, we derive similar tight lower bounds for several other cryptographic protocols, such as single-server private information retrieval, interactive hashing, and oblivious transfer that guarantees statistical security for one of the parties. Our techniques extend the collision-finding oracle due to Simon (EUROCRYPT ’98) to the setting of interactive protocols (our extension also implies an alternative proof for the main property of the original oracle). In addition, we substantially extend the reconstruction paradigm of Gennaro and Trevisan (FOCS ’00). In both cases, our extensions are quite delicate and may be found useful in proving additional black-box separation results.

Citation Context

... developed (see [6, 8, 17, 42, 39], and a recent survey by Ostrovsky and Skeith [50]). The only non-trivial construction based on general computational assumptions is due to Kushilevitz and Ostrovsky [40]. Assuming the existence of trapdoor permutations, they constructed an interactive protocol whose communication complexity is n - o(n) bits. Beimel, Ishai, Kushilevitz and Malkin [2] showed that any s...

Single Database Private Information Retrieval with Logarithmic Communication

by Yan-cheng Chang, 2004
Cited by 41 (0 self)
In this paper, we study the problem of single database private information retrieval, and present schemes with only logarithmic server-side communication complexity. Previously the best result could only achieve polylogarithmic communication, and was based on certain less well-studied assumptions in number theory [CMS99]. On the contrary, our construction is based on Paillier's cryptosystem [P99], which along with its variants have drawn extensive studies in recent cryptographic researches [PP99, G00, CGGN01, DJ01, CGG02, CNS02, ST02, GMMV03, KT03], and have many important applications (e.g., the Cramer-Shoup CCA2 encryption scheme in the standard model [CS02]).

Citation Context

...e less well-studied assumptions in number theory, i.e. the hardness of Φ-Hiding and the existence of Φ-Sampling. Besides, there is a result showing that 1dPIR can be built using trapdoor permutations [KO00]. But since the result of [KO00] is reduction-oriented, it actually requires more server-side communication than the previous ones. In this paper, we present schemes for 1dPIR with only logarithmic ...

On robust combiners for private information retrieval and other primitives

by Remo Meier, Bartosz Przydatek - CRYPTO, 2006
Cited by 15 (2 self)
Abstract. Let A and B denote cryptographic primitives. A (k, m)-robust A-to-B combiner is a construction, which takes m implementations of primitive A as input, and yields an implementation of primitive B, which is guaranteed to be secure as long as at least k input implementations are secure. The main motivation for such constructions is the tolerance against wrong assumptions on which the security of implementations is based. For example, a (1,2)-robust A-to-B combiner yields a secure implementation of B even if an assumption underlying one of the input implementations of A turns out to be wrong. In this work we study robust combiners for private information retrieval (PIR), oblivious transfer (OT), and bit commitment (BC). We propose a (1,2)-robust PIR-to-PIR combiner, and describe various optimizations based on properties of existing PIR protocols. The existence of simple PIR-to-PIR combiners is somewhat surprising, since OT, a very closely related primitive, seems difficult to combine (Harnik et al., Eurocrypt’05). Furthermore, we present (1,2)-robust PIR-to-OT and PIR-to-BC combiners. To the best of our knowledge these are the first constructions of A-to-B combiners with A ≠ B. Such combiners, in addition to being interesting in their own right, offer insights into relationships between cryptographic primitives. In particular, our PIR-to-OT combiner together with the impossibility result for OT-combiners of Harnik et al. rule out certain types of reductions of PIR to OT. Finally, we suggest a more fine-grained approach to construction of robust combiners, which may lead to more efficient and practical combiners in many scenarios.

Citation Context

...et al. [BIKM99] proved that any non-trivial single-database PIR implies one-way functions, and Di Crescenzo et al. [DMO00] showed that such a PIR implies oblivious transfer. Kushilevitz and Ostrovsky [KO00] demonstrated that one-way trapdoor permutations are sufficient for non-trivial single-database PIR. On the negative side, Fischlin [Fis02] showed that there is no black-box construction of one-round ...

Towards Secure Data Outsourcing

by Radu Sion
Cited by 7 (0 self)
Abstract. The networked and increasingly ubiquitous nature of today’s data management services mandates assurances to detect and deter malicious or faulty behavior. This is particularly relevant for outsourced data frameworks in which clients place data management with specialized service providers. Clients are reluctant to place sensitive data under the control of a foreign party without assurances of confidentiality. Additionally, once outsourced, privacy and data access correctness (data integrity and query completeness) become paramount. Today’s solutions are fundamentally insecure and vulnerable to illicit behavior, because they do not handle these dimensions. In this chapter we will explore the state of the art in data outsourcing mechanisms providing strong security assurances of (1) correctness, (2) confidentiality, and (3) data access privacy. There exists a strong relationship between such assurances; for example, the lack of access pattern privacy usually allows for statistical attacks

A linear lower bound on the communication complexity of single-server private information retrieval

by Iftach Haitner, Jonathan J. Hoch, Gil Segev - IN PREPARATION, 2008
Cited by 6 (3 self)
We study the communication complexity of single-server Private Information Retrieval (PIR) protocols that are based on fundamental cryptographic primitives in a black-box manner. In this setting, we establish a tight lower bound on the number of bits communicated by the server in any polynomially-preserving construction that relies on trapdoor permutations. More specifically, our main result states that in such constructions Ω(n) bits must be communicated by the server, where n is the size of the server’s database. Therefore, in the very natural setting under consideration, the naive solution in which the user downloads the entire database turns out to be optimal up to constant multiplicative factors. Moreover, while single-server PIR protocols with poly-logarithmic communication complexity were shown to exist based on specific number-theoretic assumptions, the lower bound we provide identifies a substantial gap between black-box and non-black-box constructions of single-server PIR. Technically speaking, this paper consists of two main contributions from which our lower bound is obtained. First, we derive a tight lower bound on the number of bits communicated by the sender during the commit stage of any black-box constructions of a statistically-hiding commitment scheme from a family of trapdoor permutations. This lower bound asymptotically matches the upper bound provided by the scheme of Naor, Ostrovsky, Venkatesan and Yung (CRYPTO ’92). Second, we significantly improve the efficiency of the well-known reduction of statistically-hiding commitment schemes to non-trivial single-server PIR, due to Beimel, Ishai, Kushilevitz and Malkin (STOC ’99). In particular, we present a reduction that essentially preserves both the communication complexity and the round complexity of the underlying single-server PIR protocol.

Citation Context

...or example, [2, 3, 12, 26, 28, 41], and a recent survey by Ostrovsky and Skeith [35]). The only non-trivial construction based on general computational assumptions is due to Kushilevitz and Ostrovsky [27], and is based on enhanced trapdoor permutations. In their construction, however, the server is required to communicate n − o(n) bits to the user. Motivated by this ever-growing line of work, we study...

A Survey of Single-Database PIR: Techniques and Applications

by Rafail Ostrovsky, William E. Skeith III
Cited by 6 (0 self)
In this paper we survey the notion of Single-Database Private Information Retrieval (PIR). The first Single-Database PIR was constructed in 1997 by Kushilevitz and Ostrovsky and since then Single-Database PIR has emerged as an important cryptographic primitive. For example, Single-Database PIR turned out to be intimately connected to collision-resistant hash functions, oblivious transfer and public-key encryptions with additional properties. In this survey, we give an overview of many of the constructions for Single-Database PIR (including an abstract construction based upon homomorphic encryption) and describe some of the connections of PIR to other primitives.