1. Public Key Encryption That Allows PIR Queries Dan Boneh, Eyal Kushilevitz, Rafail Ostrovsky, William E. Skeith III Presenter: 紀汶承

2. Outline Introduction Tools Definition Main Construction

3. Introduction Tools Definition Main Construction

4. PIR(Private Information Retrieval) 允許 user 從擁有 database 的 server 中取 回資料 (item) ，但不洩漏取回的是什麼 資料。 PIR solutions  藉由 address ，從 database 中，取回一個 ( 明文 或 加密過 ) 的 record 。  靠關鍵字搜尋一個未加密的資料 (data)

5. Introduction Tools Definition Main Construction

6. Bloom filter 觀念 :  Hash function:  suppose  A array: such that and such that  Note that,then

7. Bloom filter(cont.) Input a to h i, i: 1~k 0 1 1 1 0 h1h1 h2h2 hkhk T H 1 (a) H 2 (a) H k (a) If then 驗證 :

8. Bloom filter(cont.) 儲存什麼 ?  不只是單單儲存 element ，改儲存 : 表示與 elements 的關係 ( 表達 element 所 存放的位址 ) 現今儲存 (a,v),, where  v 被加入 for all  If a ∈ S,

9. Bloom filter(cont.) v1 v1,v2 v1 v2,v3 v1,v2,v3 v3 Insert: (a1,v1)Insert: (a2,v2) H1(a1) H2(a1) Hk(a1) B1 B2 B3 B4 Bm {v1,v2} {v1} {v1,v2,v3} ∩ ∩ ∩ ={v1}

10. Modifying Encrypted Data in a Communication Efficient Way Based on group homomorphic encryption with communication O(√n). Technique :  : database (not encrypted)  (i*,j*): the position of particular element  α: the value we want to add.  v, w: two vector of length √n where  Here δ kl = 1 when k=l and 0 otherwise  Then

11. Modifying Encrypted Data in a Communication Efficient Way (cont.) Parameters:  (K,, D): a CPA-secure public-key encryption  : an array of ciphertexts which is held by a party S.  Define F(X, Y, Z)=X+YZ. By our assumption, there exists some such that

12. Modifying Encrypted Data in a Communication Efficient Way (cont.) Protocol: Modify U,S (l, α) where l and α are private input to U. 1. U compute i *, j * as the coordinates of l (i.e., i * and j * are quotient and remainder of l/n, respectively) 2. U sends to S where all values are encrypted under A public. 3. S computes for all, and replaces each c ij with the corresponding resulting ciphertext. 每一次修改都對所有的 Cij 作修改，因此，可以簡易看出保有私密性

13. Introduction Tools Definition Main Construction

14. Definition 參數 :  X: message sending parties.  Y: message receiving party.  S: server/storage provider 定義 :  KeyGen(1 S ): 產生公密鑰對  Send X,S (M, K, A public )  Retrieve Y,S (w, A private )

15. Introduction Tools Definition Main Construction

16. S maintains in its storage space encryptions of the buffers, denote these encryptions For, we defined KeyGen(k) :Run K(1 s ), generate A public and A private.

17. Send X,S (M, K, A public ) Sender Server/Storage Bloom filter buffer ε(M) ρ γcopies of the address ρ ρ ρ ε(M)M + K ρ Message buffer ρ ρ ρ

18. Retrieve Y,S (w, A private ) Receiver Bloom filter buffer Message buffer Server/Storage PIR query PIR query, L ε(M) 解密