Presentation is loading. Please wait.

Presentation is loading. Please wait.

Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date."— Presentation transcript:

1

2 Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date : 2003/10/14

3 Outline Motivation Introduction Formal Model & Definition Notation A Basic Two-Server Scheme A Multi-Server Scheme Conclusion

4 Motivation In e-commerce the protection of user privacy was not considered feasible until PIR problem was stated(Private Information Retrieve 36 th IEEE FOCS, pp.41~50,1995) Rough Def of Private Information Retrieve(PIR) A PIR protocol allows a user to retrieve a record from a database while hiding the identity of the record from a database server

5 Motivation Where did the need for PIR come from Patent( 專利 ) Databases If the patent server knows which patent the user is interested in, this could cause a lot of problem Pharmaceutical( 製藥 ) Databases To hide the plans of the company drug designers buy the entire Pharmaceutical Database

6 Introduction Consider a user makes a query to a database A lot of research was devoted to methods to protect the database against a curious user But there are no methods to protect the privacy of the user(before 1995) However, it is not difficult to prove that if the user wants to keep its privacy, the only thing he can do is to ask for a copy of the whole database --- it is unacceptable

7 Introduction Because the rapid development of distributed databases and fast communication network,it may be possible to make queries to several servers such that from the answers the desired information can be obtained while each server get no information on the identity of the item the user is interested Assumption The database is a binary string x = x 1 x 2 … x n of length n Identical copies of this string are stored by k >= 2 servers The user is interested in the value of bit x i

8 Introduction Private Information Retrieval Scheme : The user queries each of the k servers and gets replies from which the desired bit x i can be computed. The query to each server is distributed independently of i and therefore each server gains no information about i. A scheme with these properties is called a Private Information Retrieval scheme

9 Introduction Two server scheme with communication complexity O(n 1/3 ) Scheme of k servers with communication complexity O(n 1/k )  O(n 1/(2k-1) ) A scheme for 1/3*log 2 n+1 servers with total communication complexity 1/3*(1+O(1))*(log 2 n) 2 *log 2 log 2 (2n) (Ref : Private Information Retrieve 36 th IEEE FOCS, pp.41~50,1995)

10 Formal Model & Definition Index i [n] => {1,2,3,…,n} Random input r of length L rnd Produces k queries of length L q to k servers : Q 1 (i,r),…,Q k (i,r) The servers respond A 1,…,A k of length L a according to the content of X and the corresponding query The user reconstructs the desired bit x i from these k replies

11 Formal Model & Definition Definition 1 A k-servers Private Information Retrieval(PIR) scheme for database length n consists of k query functions Q 1,…,Q k : [n] x {0,1} L rnd  {0,1} Lq k answer functions, A 1,…,A k : {0,1} n x {0,1} Lq  {0,1} Lq a reconstruction function,R : [n] x {0,1} n x {0,1} L rnd x ( {0,1} La ) k  {0,1} These functions should satisfy Correctness & Privacy

12 Formal Model & Definition Correctness : For every x {0,1} n, i [n], and r {0,1} L rnd  R(i, r, A 1 (x,Q 1 (i,r)),…,A k (x,Q k (i,r))) = x i Privacy : For every i,j [n], s [k], and q {0,1} Lq Pr(Q s (i,r) = q) = Pr(Q s (j,r) = q) where the probabilities are taken over uniformly chosen r {0,1} L rnd Extensions : PIR of Blocks Single Bit PIR Schemes

13 Notation Notation : the following notations throughout the paper U : a user SRV 1,…,SRV k : the servers x = x 1 …x n a string in {0,1} n, known to each server representing the database i : the index in x in which U is interested [m] => {1,2,…,m} For a set S and an element a let S a => S Ù {a} if a S = > S \ {a} if a S

14 A Basic Two-Server Scheme The steps of the scheme are as below : The user uniformly selects a random set S [n] The user sends S to SRV 1 and S i to SRV 2 Each server replies with a single bit which is the Exclusive OR of the bits with indices from SRV 1, 2 (SRV 1 replies with j S x j SRV 2 replies with j S i x j ) The user Exclusive OR all the answers it has received thus retrieving the desired bit x i

15 A Basic Two-Server Scheme The steps of the scheme are as below : The user uniformly selects a random set S [n] The user sends S to SRV 1 and S i to SRV 2 Each server replies with a single bit which is the Exclusive OR of the bits with indices from SRV 1, 2 (SRV 1 replies with j S x j SRV 2 replies with j S i x j ) The user Exclusive OR all the answers it has received thus retrieving the desired bit x i

16 A Basic Two-Server Scheme (Example) User randomly choice S = {5,15,47} (n=100, index i = 15, S i = {5,47}) SRV 1 SRV 2 (1) S ={5,15,47} (2) S i ={5,47} (3) x 5 x 15 x 47 (4) x 5 x 47

17 A Basic Two-Server Scheme (Example) User compute the desired bit x i (SRV 1  ) (SRV 2  )

18 A Multi-Server Scheme A scheme for any number k ≧ 2 servers The scheme allows the user to obtain the desired bit by asking queries to k =2 d servers. For any d ≧ 1, it requires total communication complexity of 2 d * (d * n 1/d + 1) The key idea is to associate [n] with the d dimensional cube [L] d and generalize the two-server scheme which may be viewed as the 1-dimensional case (i.e. d = 1) Assume n = [L] d and embed x in a d-dimensional cube. Associate each position j n with a d-tuple (j 1,…,j d ) [L] d. In particular the index i of the desired bit is associated with a d-tuple (j 1,…,j d ) [L] d

19 A Multi-Server Scheme (Steps)

20 Conclusion Some feelings of research Remember the study of algorithm Research the topic slowly Treasure the beauty of the papers Research groups Cryptography and Information Security Group: Private Information Retrieval (Research topic at MIT) Cryptography and Information Security Group: Private Information Retrieval Private Information Retrieval Research at BGU PIR Research (Dartmouth (old research)) PIR Research Amos Beimel

21 Conclusion Research Directions Extension of PIR Robust PIR T-privacy Relax some requirement encryption is permitted for one server O(N ε ), ε>0 Make PIR pratical H/w Combination with Datebase Application on EC

Download ppt "Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date."

Similar presentations

Private Inference Control

Private Inference Control
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
An Ω(n 1/3 ) Lower Bound for Bilinear Group Based Private Information Retrieval Alexander Razborov Sergey Yekhanin.

An Ω(n 1/3 ) Lower Bound for Bilinear Group Based Private Information Retrieval Alexander Razborov Sergey Yekhanin.
Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.

Data Integrity Proofs in Cloud Storage Sravan Kumar R, Ashutosh Saxena Communication Systems and Networks (COMSNETS), 2011 Third International Conference.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Lecture 15 Private Information Retrieval Stefan Dziembowski www.dziembowski.net MIM UW 25.01.13ver 1.0.

Lecture 15 Private Information Retrieval Stefan Dziembowski MIM UW ver 1.0.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Ref. Cryptography: theory and practice Douglas R. Stinson

Ref. Cryptography: theory and practice Douglas R. Stinson
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升.

On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升.
How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] 1706 2538344113296634 ? 1706 2 bad.

How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.
Private Information Retrieval. What is Private Information retrieval (PIR) ? Reduction from Private Information Retrieval (PIR) to Smooth Codes Constructions.

Private Information Retrieval. What is Private Information retrieval (PIR) ? Reduction from Private Information Retrieval (PIR) to Smooth Codes Constructions.
Document and Query Forms Chapter 2. 2 Document & Query Forms Q 1. What is a document? A document is a stored data record in any form A document is a stored.

Document and Query Forms Chapter 2. 2 Document & Query Forms Q 1. What is a document? A document is a stored data record in any form A document is a stored.
Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.
1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.

1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.
Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:

Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:
Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.

Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.

Similar presentations

Ads by Google