Presentation is loading. Please wait.

Presentation is loading. Please wait.

Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:"— Presentation transcript:

1 Private Information Retrieval Amos Beimel – Ben-Gurion University http://www.cs.bgu.ac.il/~beimel Tel-Hai, June 4, 2003 This talk is based on talks by: Yuval Ishai, Eyal Kushilevitz, Tal Malkin

2 Private Information Retrieval (PIR) [CGKS95] Goal: allow user to query database while hiding the identity of the data-items she is after. Note: hides identity of data-items; not existence of interaction with the user. Motivation: patent databases; stock quotes; web access; many more.... Paradox(?): imagine buying in a store without the seller knowing what you buy. (Encrypting requests is useful against third parties; not against owner of data.)

3 Modeling Server: holds n-bit string x n should be thought of as very large User: wishes –to retrieve x i and –to keep i private Remark: most basic version; building block for involved retrieval.

4 Private Information Retrieval (PIR) x=x 1,x 2,..., x n {0,1} n SERVER i {1,…n} xixi USER ij ? 7 4 3 n

5 NO privacy!!! Communication: log n SERVER USER x =x 1,x 2,..., x n xixi Non-Private Protocol i i {1,…n}

6 Server sends entire database x to User. Information theoretic privacy. Communication: n SERVER xixi USER x =x 1,x 2,..., x n x 1,x 2,..., x n Trivial Private Protocol Is this optimal?

7 Obstacle Theorem [CGKS]: In any 1-server PIR with information theoretic privacy the communication is at least n.

8 More “solutions” User asks for additional random indices. Drawback: reveals a lot of information Employ general crypto protocols to compute x i privately. Drawback: highly inefficient (polynomial in n ). Anonymity (e.g., via Anonymizers). Note: different concern: hides identity of user; not the fact that x i is retrieved.

9 Two Approaches Information-Theoretic PIR [CGKS95,Amb97,...] Replicate database among k servers. Unconditional privacy against t servers. Default: t=1 Computational PIR [CG97,KO97,CMS99,...] Computational privacy, based on cryptographic assumptions.

10 Known Comm. Upper Bounds Multiple servers, information-theoretic PIR: 2 servers, comm. n 1/3 [CGKS95] k servers, comm. n 1/  (k) [CGKS95, Amb96,…,BIKR02] log n servers, comm. Poly( log(n) ) [BF90, CGKS95] Single server, computational PIR: Comm. Poly( log(n) ) Under appropriate computational assumptions [KO97,CMS99]

11 Approach I: k-Server PIR Correctness: User obtains x i Privacy: No single server gets information about i U S1S1 x {0,1} n S2S2 i SkSk

12 Information-Theoretic 2-Server PIR Best Known Protocol: comm. n 1/3 [CGKS95] Open Question: Is this optimal? This Talk: comm. n 1/2 Two Stages: 1.Protocol I: n bit queries, 1 bit answers 2.Protocol II: n 1/2 bit queries, n 1/2 bit answers

13 Protocol I: 2-server PIR S2S2 i U i n Q 1  {1,…,n} S1S1 Q 2 =Q 1  i 001100111000

14 Protocol I: 2-server PIR S2S2 i U i n Q 1  {1,…,m} S1S1 Q 2 =Q 1  i 0 1 0 0 11 01 0 0 010

15 Protocol I: 2-server PIR S2S2 i U i n Q 1  {1,…,n} S1S1 a1a2=xia1a2=xi Q 2 =Q 1  i 0 1 0 0 1 01 0 0 011 1 0

16 PIR with O(n 1/2 ) Communication S2S2 j,i U i X m=n 1/2 Q 1  {1,…,m} S1S1 Q 2 =Q 1  i j a 1,j  a 2,j =x j,i

17 Computational PIR with O(n 1/2 ) Comm. Tool: (randomized) homomorphic encryption b b’b’ b  b’ =  Example Quadratic Residue: E(0)  QR N E(1)  NQR N QR QR = QR NQR QR = NQR

18 Computational PIR with O(n 1/2 ) Comm. 0 1 1 0 1 1 1 0 1 1 0 0 0 0 0 1 n 1/2 i User sends n 1/2 encryptions c 1 =E(0), c 2 =E(0), c 3 =E(1), c 4 = E(0) For each row Server sends a “bit” c2c3c2c3 c1 c2c3c1 c2c3 c1c2c1c2 c4c4 User recovers ith column of x j

19 PIR – Related Work Extensions: –Symmetric PIR [GIKM,NP] –t-privacy [CGKS,IK,BI] –Robust PIR [BS] More settings [OS,GGM,DIO,BIM,...] PIR as a building-block [NN,FIMNSW,...]

20 Current (& Future) Research Focus so far: communication complexity Obstacle: time complexity All existing protocols require high computation by the servers (linear computation per query). Theorem [BIM]: Expected computation of the servers is  (n) Major research goal: Improving time complexity via preprocessing / amortization / off-line computation ( Preliminary results in [BIM,IKOS])

Download ppt "Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:"

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Polylogarithmic Private Approximations and Efficient Matching
Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.
1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.

1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.
Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Private Inference Control

Private Inference Control
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.

Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.
Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.

Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.
The Complexity of Information-Theoretic Secure Computation Yuval Ishai Technion 2014 European School of Information Theory.

The Complexity of Information-Theoretic Secure Computation Yuval Ishai Technion 2014 European School of Information Theory.
Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Quantum Information and the PCP Theorem Ran Raz Weizmann Institute.

Quantum Information and the PCP Theorem Ran Raz Weizmann Institute.
Secure Computation of Linear Algebraic Functions

Secure Computation of Linear Algebraic Functions
Oblivious Branching Program Evaluation

Oblivious Branching Program Evaluation
An Ω(n 1/3 ) Lower Bound for Bilinear Group Based Private Information Retrieval Alexander Razborov Sergey Yekhanin.

An Ω(n 1/3 ) Lower Bound for Bilinear Group Based Private Information Retrieval Alexander Razborov Sergey Yekhanin.
Lecture 15 Private Information Retrieval Stefan Dziembowski www.dziembowski.net MIM UW 25.01.13ver 1.0.

Lecture 15 Private Information Retrieval Stefan Dziembowski MIM UW ver 1.0.
Improving the Round Complexity of VSS in Point-to-Point Networks Jonathan Katz (University of Maryland) Chiu-Yuen Koo (Google Labs) Ranjit Kumaresan (University.

Improving the Round Complexity of VSS in Point-to-Point Networks Jonathan Katz (University of Maryland) Chiu-Yuen Koo (Google Labs) Ranjit Kumaresan (University.
Secure Computation of Constant-Depth Circuits with Applications to Database Search Problems Omer Barkol Yuval Ishai Technion.

Secure Computation of Constant-Depth Circuits with Applications to Database Search Problems Omer Barkol Yuval Ishai Technion.
Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date.

Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No Reporter : Chen, Chun-Hua Date.
1 Keyword Search and Oblivious Pseudo-Random Functions Mike Freedman NYU Yuval Ishai, Benny Pinkas, Omer Reingold.

1 Keyword Search and Oblivious Pseudo-Random Functions Mike Freedman NYU Yuval Ishai, Benny Pinkas, Omer Reingold.

Similar presentations

Ads by Google