Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jens Groth, University College London

Published bySheryl Manning Modified over 6 years ago

Similar presentations

Presentation on theme: "Jens Groth, University College London"— Presentation transcript:

1 Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate
Jens Groth, University College London Aggelos Kiayias, University of Athens Helger Lipmaa, Cybernetica AS and Tallinn University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAAA

2 Information retrieval
Client Server xi i x1,...,xn

3 Privacy Index i ? Client Server i

4 Example of a trivial PIR protocol
Perfectly private: Client reveals nothing x1,...,xn xi i x1,...,xn Communication: nℓ bits with ℓ-bit records

5 Communication bits nℓ Trivial protocol
O(nk1/-1ℓ) Kushilevitz-Ostrovsky 97 O(kℓ) Cachin-Micali-Stadler 99 O(k log2n+ℓlog n) Lipmaa 05 O(k+ℓ) Gentry-Ramzan 05 Database size: n records Record size: ℓ bits Security parameter: k bits (size of RSA modulus)

6 Multi-query information retrieval
Client Server xi1,...,xim i1,...,im x1,...,xn

7 Privacy i1,...,im? Client Server i1,...,im

8 Our contribution Lower bound (information theoretic): (mℓ+m log(n/m)) bits Upper bound (CPIR protocol): O(mℓ+m log(n/m)+k) bits

9 Lower bound (mℓ+m log(n/m)) bits
Client Server xi1,...,xim i1,...,im x1,...,xn Client and server have unlimited computational power We do not require protocol to be private We assume perfect correctness We assume worst case indices and records

10 Lower bound for 2-move CPIR
Client Server xi1,...,xim i1,...,im x1,...,xn Query: possible indices (m log(n/m)) Response: m records (mℓ)

11 Lower bound for many-move CPIR
Client Server xi1,...,xim i1,...,im x1,...,xn Proof overview: At loss of factor 2 assume 1-bit messages exhanged View function as tree with client at leaf choosing an output We will prove the tree has at least (leaf, output) pairs

12 Input to the tree-function: I=(i1,...,im) and X=(x1,...,xn)
C(i1,...,im) S(x1,...,xn,0) S(x1,...,xn,1) C(i1,...,im,0,0) C(i1,...,im,0,1) C(i1,...,im,1,0) C(i1,...,im,1,1) xi1,...,xim Observation: If (I,X) and (I´,X´) lead to same leaf and output, then also (I,X´) lead to this leaf and output

13 If (I,X)  F and (I´,X´)  F then (I,X´)  F
Define F = { (I,X)=(i1,...,im,x1,...,xn) | xi=1ℓ if i  I and else xi=0ℓ} If (I,X)  F and (I´,X´)  F then (I,X´)  F This means each (I,X)  F leads to different (leaf,output) pair For each (I,X)  F the output is 1ℓ,...,1ℓ There are pairs in F, so the tree must have leaves This means the height is at least log ≥ m log(n/m) So the client and server risk sending ½m log(n/m) bits For the general case we then get a lower bound of max(mℓ, ½m log(n/m)) = (mℓ+m log(n/m)) bits I, X are “aligned” in F – the moment they get misaligned we go out of F.

14 Four cases Trivial PIR (nℓ bits) 2 4 1 ℓ=log(n/m) 3 m=k2/3 m=n/9

15 Tool: Restricted CPIR protocol
Perfect correctness Constant >0 (e.g. =1/25) so CPIR with k bits of communication for parameters satisfying m = poly(k), n = poly(k), ℓ = poly(k) mℓ+m log n  k

16 Example: Gentry-Ramzan CPIR
Primes: p1,…,pn |pi| = O(log n) Prime powers: 1,…,n |i| > ℓ Query: select N, g such that i1…im | ord(g) Response: c = gx mod N where x = xi mod i for i=1,…,n Extract: (cord(g)/i1…im) = (gord(g)/i1…im)x compute x mod i1…imextract xi1,…,xim Pi1 is a prime power of p1. etc. We claim that ord(g) is hard for the adversary.

17 Three remaining cases Restricted CPIR mℓ+m log n  k
θ(ℓm/k) m-n CPIR with record size θ(k/m) in parallel 2 4 ℓ=log(n/m) 2 [m is relatively small] => parallel composition of many Restricted CPIR on suitably cut database records. 3 m=k2/3 m=n/9

18 Two remaining cases mℓ’-out of-nℓ’ CPIR with record size log(n/m)
4 ℓ=log(n/m) 4 [l is big] => then break records into many pieces and form new longer database. Use restricted CPIR to draw the extended index set. 3 m=k2/3 m=n/9

19 One remaining case Restricted CPIR mℓ+m log n  k ℓ=log(n/m) 3 m=k2/3
m=n/9

20 Block-wise extraction
Res-CPIR Res-CPIR Res-CPIR Res-CPIR

21 The problem Uniform distribution of queries?
solvable through database permutation based on client seed. If ℓ = (log n) we could use block-wise repetition of the restricted CPIR on size w blocks of the database for mℓ+m log n  kw resulting in total communication kw which is optimal. But if ℓ is small (& m is large), we may loose a multiplicative factor (mℓ+m log n)/(mℓ+m log(n/m)) = 1+log m/(ℓ+log(n/m)) by block-wise repetition of the restricted CPIR

22 Solution Restricted CPIR mℓ+m log n  k aℓ-bit records
(x1,x2) (x1,x3) (x2,x3) x1,x2,x3 (x4,x5) (x4,x6) (x5,x6) x4,x5,x6 (x7,x8) (x7,x9) (x8,x9) x7,x8,x9 ℓ’=aℓ, m’=m/a, n’= n/a Restricted CPIR mℓ+m log n  k

23 Summary Client Server xi1,...,xim i1,...,im x1,...,xn
Lower bound: (mℓ+m log(n/m)) bits CPIR protocol: O(mℓ+m log(n/m)+k) bits

24 Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate
Jens Groth, University College London Aggelos Kiayias, University of Athens Helger Lipmaa, Cybernetica AS and Tallinn University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAAA

Download ppt "Jens Groth, University College London"

Similar presentations

Optimal Lower Bounds for 2-Query Locally Decodable Linear Codes Kenji Obata.

Optimal Lower Bounds for 2-Query Locally Decodable Linear Codes Kenji Obata.
Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.
Short Non-interactive Zero-Knowledge Proofs

Short Non-interactive Zero-Knowledge Proofs
Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.

Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.

Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Probabilistically checkable proofs, hidden random bits and non-interactive zero-knowledge proofs Jens Groth University College London TexPoint fonts used.

Probabilistically checkable proofs, hidden random bits and non-interactive zero-knowledge proofs Jens Groth University College London TexPoint fonts used.
Lower Bounds & Models of Computation Jeff Edmonds York University COSC 3101 Lecture 8.

Lower Bounds & Models of Computation Jeff Edmonds York University COSC 3101 Lecture 8.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle Jens Groth University College London Yuval Ishai Technion and University of California.

Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle Jens Groth University College London Yuval Ishai Technion and University of California.
CDA6530: Performance Models of Computers and Networks Chapter 5: Generating Random Number and Random Variables TexPoint fonts used in EMF. Read the TexPoint.

CDA6530: Performance Models of Computers and Networks Chapter 5: Generating Random Number and Random Variables TexPoint fonts used in EMF. Read the TexPoint.
1 Truthful Mechanism for Facility Allocation: A Characterization and Improvement of Approximation Ratio Pinyan Lu, MSR Asia Yajun Wang, MSR Asia Yuan Zhou,

1 Truthful Mechanism for Facility Allocation: A Characterization and Improvement of Approximation Ratio Pinyan Lu, MSR Asia Yajun Wang, MSR Asia Yuan Zhou,
Private Information Retrieval. What is Private Information retrieval (PIR) ? Reduction from Private Information Retrieval (PIR) to Smooth Codes Constructions.

Private Information Retrieval. What is Private Information retrieval (PIR) ? Reduction from Private Information Retrieval (PIR) to Smooth Codes Constructions.
Locally Decodable Codes Uri Nadav. Contents What is Locally Decodable Code (LDC) ? Constructions Lower Bounds Reduction from Private Information Retrieval.

Locally Decodable Codes Uri Nadav. Contents What is Locally Decodable Code (LDC) ? Constructions Lower Bounds Reduction from Private Information Retrieval.
Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:

Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:
Efficient Consistency Proofs for Generalized Queries on a Committed Database R. Ostrovsky C. Rackoff A. Smith UCLA Toronto.

Efficient Consistency Proofs for Generalized Queries on a Committed Database R. Ostrovsky C. Rackoff A. Smith UCLA Toronto.
Database Management 9. course. Execution of queries.

Database Management 9. course. Execution of queries.
A Linear Lower Bound on the Communication Complexity of Single-Server PIR Weizmann Institute of Science Israel Iftach HaitnerJonathan HochGil Segev.

A Linear Lower Bound on the Communication Complexity of Single-Server PIR Weizmann Institute of Science Israel Iftach HaitnerJonathan HochGil Segev.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Broadcast Encryption Amos Fiat & Moni Naor Presented.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Broadcast Encryption Amos Fiat & Moni Naor Presented.
PODC 20081 Distributed Computation of the Mode Fabian Kuhn Thomas Locher ETH Zurich, Switzerland Stefan Schmid TU Munich, Germany TexPoint fonts used in.

PODC Distributed Computation of the Mode Fabian Kuhn Thomas Locher ETH Zurich, Switzerland Stefan Schmid TU Munich, Germany TexPoint fonts used in.

Similar presentations

Ads by Google