Public Key Encryption That Allows PIR Queries Dan Boneh, Eyal Kushilevitz, Rafail Ostrovsky, William E. Skeith III Presenter: 紀汶承

Outline Introduction Tools Definition Main Construction

Introduction Tools Definition Main Construction

PIR(Private Information Retrieval) 允許 user 從擁有 database 的 server 中取 回資料 (item) ，但不洩漏取回的是什麼 資料。 PIR solutions  藉由 address ，從 database 中，取回一個 ( 明文 或 加密過 ) 的 record 。  靠關鍵字搜尋一個未加密的資料 (data)

Introduction Tools Definition Main Construction

Bloom filter 觀念 :  Hash function:  suppose  A array: such that and such that  Note that,then

Bloom filter(cont.) Input a to h i, i: 1~k h1h1 h2h2 hkhk T H 1 (a) H 2 (a) H k (a) If then 驗證 :

Bloom filter(cont.) 儲存什麼 ?  不只是單單儲存 element ，改儲存 : 表示與 elements 的關係 ( 表達 element 所 存放的位址 ) 現今儲存 (a,v),, where  v 被加入 for all  If a ∈ S,

Bloom filter(cont.) v1 v1,v2 v1 v2,v3 v1,v2,v3 v3 Insert: (a1,v1)Insert: (a2,v2) H1(a1) H2(a1) Hk(a1) B1 B2 B3 B4 Bm {v1,v2} {v1} {v1,v2,v3} ∩ ∩ ∩ ={v1}

Modifying Encrypted Data in a Communication Efficient Way Based on group homomorphic encryption with communication O(√n). Technique :  : database (not encrypted)  (i*,j*): the position of particular element  α: the value we want to add.  v, w: two vector of length √n where  Here δ kl = 1 when k=l and 0 otherwise  Then

Modifying Encrypted Data in a Communication Efficient Way (cont.) Parameters:  (K,, D): a CPA-secure public-key encryption  : an array of ciphertexts which is held by a party S.  Define F(X, Y, Z)=X+YZ. By our assumption, there exists some such that

Modifying Encrypted Data in a Communication Efficient Way (cont.) Protocol: Modify U,S (l, α) where l and α are private input to U. 1. U compute i *, j * as the coordinates of l (i.e., i * and j * are quotient and remainder of l/n, respectively) 2. U sends to S where all values are encrypted under A public. 3. S computes for all, and replaces each c ij with the corresponding resulting ciphertext. 每一次修改都對所有的 Cij 作修改，因此，可以簡易看出保有私密性

Introduction Tools Definition Main Construction

Definition 參數 :  X: message sending parties.  Y: message receiving party.  S: server/storage provider 定義 :  KeyGen(1 S ): 產生公密鑰對  Send X,S (M, K, A public )  Retrieve Y,S (w, A private )

Introduction Tools Definition Main Construction

S maintains in its storage space encryptions of the buffers, denote these encryptions For, we defined KeyGen(k) :Run K(1 s ), generate A public and A private.

Send X,S (M, K, A public ) Sender Server/Storage Bloom filter buffer ε(M) ρ γcopies of the address ρ ρ ρ ε(M)M + K ρ Message buffer ρ ρ ρ

Retrieve Y,S (w, A private ) Receiver Bloom filter buffer Message buffer Server/Storage PIR query PIR query, L ε(M) 解密