Presentation is loading. Please wait.

Presentation is loading. Please wait.

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.

Published byLucas Padilla Modified over 11 years ago

Similar presentations

Presentation on theme: "Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis."— Presentation transcript:

1 Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis

2 Outline Introduction Element rank protocol Other protocols Equivalence to one-round PIR Open problems

3 Succinct Computation y Client Server x q = Q(x) a = A(q,y) Dec(a) = f(x,y) Computing f(x,y) One round of interaction Communication Complexity |q| +|a| = O(poly(log(|x|), log(|y|), |f(x,y)|, s)) Or linear in |f(x,y)|

4 Privacy Computational setting Client side For any x, x, Q(x) and Q(x) are indistinguishable Server side Simulator S, simulates A(x,y) given x and f(x,y) Semi-honest adversaries

5 Private Database Queries Servers input is a database Clients input is a query Private information retrieval (PIR) f(i, (x 1,x 2,…,x n )) = x i Private Keyword search (PKS) f(w, {(x 1,v 1 ),…,(x n,v n )}) = v a if there is x a = w otherwise

6 Existing Solutions PIR / SPIR [KO97], [Lipmaa05], … One-round, sublinear communication PKS [FIPR05] One-round, polylog(n) communication PIR and homomorphic encryption How about more general queries?

7 More General Queries General MPC Not efficient Circuits with look-up tables [NN01] Communication efficient High round complexity One-round secure computation [CCKM00] Round efficient High comm. Computing BP on encrypted data [IP07] Independent work Round and communication efficient Strong assumption

8 Private Element Rank Interval Labeling f(b, (x 1,x 2,…,x n,v 1,…,v n )) = v i such that b є (x i, x i+1 ] Element Rank Add x 0 = - and x n+1 =+ v i = i Applications Ranking in auctions Online testing services Use to design other protocols

9 Interval Labeling Protocol b, x 1,x 2,…,x n є {0,1} k Run a PKS for every prefix of b j th query = j-bit prefix of b Create and use a database D

10 Interval Labeling Protocol v1v1 v2v2 v4v4 v0v0 v1v1 v2v2 v2v2 v3v3 x2x2 x1x1 x3x3 x4x4 01 0 1 01 01010 1 0 1 D = {(000,v 0 ),(001,v 1 ),(0100,v 1 ), (0101,v 2 ),(011,v 2 ),(100,v 2 ),(101,v 3 ),(11,v 4 )}

11 Interval Labeling Protocol v1v1 v2v2 v4v4 v0v0 v1v1 v2v2 v2v2 v3v3 x2x2 x1x1 x3x3 x4x4 01 0 1 01 01010 1 0 1 D = {(000,v 0 ),(001,v 1 ),(0100,v 1 ), (0101,v 2 ),(011,v 2 ),(100,v 2 ),(101,v 3 ),(11,v 4 )} b = 1000 b 1 = 1 b 2 =10 b 3 =100 b 4 =1000

12 Interval Labeling Protocol w is w with last bit flipped Database D, where |D| 2kn For every 1 j k, let w be j-bit prefix of x i : 1. Add (w,v i ) to D if: [w||0 k-j, w||1 k-j ] [x i,x i+1 ], but not true for w 2. Add (w,v i ) to D if: [w||0 k-j, w||1 k-j ] [x t,x t+1 ], but not true for w Prefixes of x i s and/or their siblings

13 Interval Labeling r i = PKS A (b i,D) for 1 i k Randomly permute (r 1, r 2, …,r k ) and send Decode; retrieve the only r i in the list One round, polylog(n) communication Reduced to PKS

14 Other Protocols Private Rectangle Labeling Which rectangle is query point in? Extension to higher dimensions One round Private Range Queries Retrieve all the points in the range On a line or in a plane Constant round Comm. proportional to number of retrieved points

15 Other Protocols m th ranked element Alice holds database A Bob holds database B Find m th ranked element in (A U B) [AMP04], O(log(m)) rounds, and sublinear comm. We use our rank protocol as subprotocol O(log(log(m))) rounds Still sublinear comm.

16 PKS to PIR [FIPR05] Database Hash function h : {0,1} n {0,1} n/log(n) Hash keywords (x i s) to n/log(n) bins Create degree log(n) polynomials for each bin Client Compute h(w) Send E(h(w)), E(h(w) 2 ), …, E(h(w) log(n) ) Database evaluates all polynomials at h(w) Client gets one result via PIR v a if there is x a = w otherwise f(w, {(x 1,v 1 ),…,(x n,v n )}) =

17 PKS to PIR Assumption: One-round PIR Replace polynomials with Yaos garbled circuit Circuit of size O(polylog(n)) size Yaos protocol Pseudorandom function, OT Can be reduced to one-round PIR [CMO00], [BIKM99] One-round PKS one-round PIR One-round Rank one-round PKS

18 Open Problems Succinct Computation of Branching programs (not length-bounded) General circuits Reduction to one-round PIR Any special functionality Decision trees Branching programs

19 Thank you!

Download ppt "Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis."

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Polylogarithmic Private Approximations and Efficient Matching
Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.
Tight Bounds for Distributed Functional Monitoring David Woodruff IBM Almaden Qin Zhang Aarhus University MADALGO Based on a paper in STOC, 2012.

Tight Bounds for Distributed Functional Monitoring David Woodruff IBM Almaden Qin Zhang Aarhus University MADALGO Based on a paper in STOC, 2012.
Quantum Software Copy-Protection Scott Aaronson (MIT) |

Quantum Software Copy-Protection Scott Aaronson (MIT) |
Quantum Double Feature Scott Aaronson (MIT) The Learnability of Quantum States Quantum Software Copy-Protection.

Quantum Double Feature Scott Aaronson (MIT) The Learnability of Quantum States Quantum Software Copy-Protection.
1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.

1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.
Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Private Inference Control

Private Inference Control
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.

Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.
Computing with adversarial noise Aram Harrow (UW -> MIT) Matt Hastings (Duke/MSR) Anup Rao (UW)

Computing with adversarial noise Aram Harrow (UW -> MIT) Matt Hastings (Duke/MSR) Anup Rao (UW)
Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.

Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.
The Complexity of Information-Theoretic Secure Computation Yuval Ishai Technion 2014 European School of Information Theory.

The Complexity of Information-Theoretic Secure Computation Yuval Ishai Technion 2014 European School of Information Theory.
Secure Linear Algebra against Covert or Unbounded Adversaries Payman Mohassel and Enav Weinreb UC Davis CWI.

Secure Linear Algebra against Covert or Unbounded Adversaries Payman Mohassel and Enav Weinreb UC Davis CWI.
Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:
Separating Deterministic from Randomized Multiparty Communication Complexity Joint work with Paul Beame (University of Washington) Matei David (University.

Separating Deterministic from Randomized Multiparty Communication Complexity Joint work with Paul Beame (University of Washington) Matei David (University.
Raef Bassily Penn State Local, Private, Efficient Protocols for Succinct Histograms Based on joint work with Adam Smith (Penn State) (To appear in STOC.

Raef Bassily Penn State Local, Private, Efficient Protocols for Succinct Histograms Based on joint work with Adam Smith (Penn State) (To appear in STOC.
Quantum Information and the PCP Theorem Ran Raz Weizmann Institute.

Quantum Information and the PCP Theorem Ran Raz Weizmann Institute.
Secure Computation of Linear Algebraic Functions

Secure Computation of Linear Algebraic Functions

Similar presentations

Ads by Google