Download presentation

Presentation is loading. Please wait.

Published byAngel Power Modified over 4 years ago

1
Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University of Athens Helger Lipmaa, Cybernetica AS and Tallinn University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A AAAAA A A A A A A

2
Information retrieval ClientServer ix 1,...,x n xixi

3
Privacy ClientServer i Index i ?

4
Example of a trivial PIR protocol ix 1,...,x n xixi x 1,...,x n Perfectly private: Client reveals nothing Communication: n bits with -bit records

5
Communication bits n Trivial protocol O(n k 1/ -1 ) Kushilevitz-Ostrovsky 97 O(k) Cachin-Micali-Stadler 99 O(k log 2 n+log n) Lipmaa 05 O(k+) Gentry-Ramzan 05 Database size: n records Record size: bits Security parameter: k bits (size of RSA modulus)

6
Multi-query information retrieval ClientServer i 1,...,i m x 1,...,x n x i 1,...,x i m

7
Privacy ClientServer i 1,...,i m i 1,...,i m ?

8
Our contribution Lower bound (information theoretic): ( m+m log(n/m) ) bits Upper bound (CPIR protocol): O ( m+m log(n/m)+k ) bits

9
Lower bound ( m+m log(n/m) ) bits ClientServer i 1,...,i m x 1,...,x n x i 1,...,x i m Client and server have unlimited computational power We do not require protocol to be private We assume perfect correctness We assume worst case indices and records

10
Lower bound for 2-move CPIR ClientServer i 1,...,i m x 1,...,x n x i 1,...,x i m Query: possible indices ( m log(n/m)) Response:m records ( m)

11
Lower bound for many-move CPIR ClientServer i 1,...,i m x 1,...,x n x i 1,...,x i m Proof overview: At loss of factor 2 assume 1-bit messages exhanged View function as tree with client at leaf choosing an output We will prove the tree has at least (leaf, output) pairs

12
C(i 1,...,i m ) S(x 1,...,x n,0) S(x 1,...,x n,1) C(i 1,...,i m,0,0) C(i 1,...,i m,0,1) C(i 1,...,i m,1,0) C(i 1,...,i m,1,1) 0 1 0 1 0 1 x i 1,...,x i m Input to the tree-function: I=(i 1,...,i m ) and X=(x 1,...,x n ) Observation: If (I,X) and (I´,X´) lead to same leaf and output, then also (I,X´) lead to this leaf and output

13
Define F = { (I,X)=(i 1,...,i m,x 1,...,x n ) | x i =1 if i I and else x i =0 } If (I,X) F and (I´,X´) F then (I,X´) F This means each (I,X) F leads to different (leaf,output) pair For each (I,X) F the output is 1,...,1 There are pairs in F, so the tree must have leaves This means the height is at least log m log(n/m) So the client and server risk sending ½ m log(n/m) bits For the general case we then get a lower bound of m ax( m, ½ m log(n/m) ) = ( m+m log(n/m) ) bits

14
Four cases 2 3 4 1 =log(n/m) m=n/9m=k 2/3 Trivial PIR (n bits)

15
Tool: Restricted CPIR protocol Perfect correctness Constant >0 (e.g. =1/25) so CPIR with k bits of communication for parameters satisfying m = poly(k), n = poly(k), = poly(k) m+m log n k

16
Example: Gentry-Ramzan CPIR Primes:p 1,…,p n |p i | = O(log n) Prime powers: 1,…, n | i | > Query: N, g i 1 … i m | ord(g) Response:c = g x mod Nx = x i mod i Extract:(c ord(g)/ i1 … im ) = (g ord(g)/ i1 … im ) x compute x mod i 1 … i m extract x i 1,…,x i m

17
Three remaining cases 2 3 4 =log(n/m) m=n/9m=k 2/3 Restricted CPIR m+m log n k m/ k CPIRs with record size k/m in parallel

18
Two remaining cases 3 4 =log(n/m) m=n/9m=k 2/3 m/log(n/m)- out of -n CPIR with record size log(n/m)

19
One remaining case 3 =log(n/m) m=n/9m=k 2/3 Restricted CPIR m+m log n k

20
Parallel extraction Res-CPIRRes-CPIR Res-CPIR Res-CPIR

21
The problem If = (log n) we could use parallel repetition of the restricted CPIR for m+m log n k on blocks of the database to get a constant rate But if is small and m is large, we may loose a multiplicative factor (m+m log n)/(m+m log(n/m)) = 1+log m/(+log(n/m)) by parallel repetition of the restricted CPIR

22
Solution x 1,x 2,x 3 x 4,x 5,x 6 x 7,x 8,x 9 Restricted CPIR m+m log n k (x 1,x 2 ) (x 1,x 3 ) (x 2,x 3 ) (x 4,x 5 ) (x 4,x 6 ) (x 5,x 6 ) (x 7,x 8 ) (x 7,x 9 ) (x 8,x 9 ) a -bit records =a, m=m/a, n= n/a

23
Summary Lower bound: ( m+m log(n/m) ) bits CPIR protocol: O ( m+m log(n/m)+k ) bits ClientServer i 1,...,i m x 1,...,x n x i 1,...,x i m

Similar presentations

OK

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

© 2018 SlidePlayer.com Inc.

All rights reserved.

To ensure the functioning of the site, we use **cookies**. We share information about your activities on the site with our partners and Google partners: social networks and companies engaged in advertising and web analytics. For more information, see the Privacy Policy and Google Privacy & Terms.
Your consent to our cookies if you continue to use this website.

Ads by Google

Ppt on different web browsers Ppt on 2nd world war planes Ppt on porter's five forces diagram Ppt on applied operational research mathematics Ppt on economic order quantity equation Ppt on improvement in food resources science Ppt on mobile computing pdf Ppt on software project management by bob hughes Ppt on green revolution in india Ppt on school library management system