One-way functions are essential for single-server private information retrieval

† Computer Science Department, Technion, Haifa 32000, Israel. E-mail: yuvali@cs.technion.ac.il. Part of this work was done while visiting IBM T.J. Watson Research Center.

Copyright ACM 1999 1-58113-067-8/99/05...$5.00

Private Information Retrieval (PIR) protocols allow a user to read information from a database without revealing to the server storing the database which information he has read. Kushilevitz and Ostrovsky [23] construct, based on the quadratic residuosity assumption, a single-server PIR protocol with small communication complexity. Cachin, Micali, and Stadler [6] present a single-server PIR protocol with a smaller communication complexity, based on the (new) Φ-hiding assumption. A major question, addressed in the present work, is what assumption is the minimal assumption necessary for the construction of single-server private information retrieval protocols with small communication complexity. We prove that if there is a (0-error) PIR protocol in which the server sends less than n bits then one-way functions exist (where n is the number of bits in the database). That is, even saving one bit compared to the naive protocol, in which the entire database is sent, already requires one-way functions. The same result holds (but requires more work) even if we allow the retrieval to fail with probability of at most 1/(8n). Moreover, similar results hold even if we allow constant probability of error. For example, we prove that if there is a PIR protocol with error 1/4 and communication complexity less than n/10 bits, then one-way functions exist.
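To make "the server sends less than n bits" concrete, the following added example (not code from the paper) sketches the basic matrix form of a quadratic-residuosity-based single-server PIR of the kind the abstract attributes to Kushilevitz and Ostrovsky. The toy primes, the 8 x 32 database and all function names are assumptions chosen for illustration; a modulus this small offers no security.

```python
import math
import secrets

# Constructed toy primes (insecure size); only the user knows the factorisation.
P, Q = 1019, 1031
N = P * Q
# Constructed sample database: n = 8 * 32 = 256 bits, stored as an 8 x 32 matrix.
DB = [[(i * j + i + 3 * j) % 5 % 2 for j in range(32)] for i in range(8)]

def is_qr(z):
    """User-side residuosity test (Euler's criterion); requires P and Q."""
    return pow(z, (P - 1) // 2, P) == 1 and pow(z, (Q - 1) // 2, Q) == 1

def random_unit():
    while True:
        y = secrets.randbelow(N - 2) + 2
        if math.gcd(y, N) == 1:
            return y

def make_query(col, t):
    """t units mod N: a non-residue (Jacobi symbol +1) at `col`, residues elsewhere."""
    query = []
    for j in range(t):
        y = random_unit()
        if j == col:
            # Reject until y is a non-residue modulo both primes.
            while pow(y, (P - 1) // 2, P) != P - 1 or pow(y, (Q - 1) // 2, Q) != Q - 1:
                y = random_unit()
        else:
            y = y * y % N
        query.append(y)
    return query

def server_answer(db, query):
    """Server sees only N and the query; it returns one element of Z_N per row."""
    answer = []
    for row in db:
        z = 1
        for bit, y in zip(row, query):
            z = z * (y if bit else y * y) % N  # y^2 is always a residue
        answer.append(z)
    return answer

def retrieve(db, row, col):
    """The answer for `row` is a non-residue exactly when db[row][col] == 1."""
    answer = server_answer(db, make_query(col, len(db[0])))
    return 0 if is_qr(answer[row]) else 1

def server_bits(db):
    """Bits the server sends: one N-sized element per row."""
    return len(db) * N.bit_length()
```

Here the server returns 8 elements of 21 bits each, 168 bits in total, against the 256 bits the naive protocol would send; hiding the queried column rests on the server being unable to tell residues from non-residues modulo N.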

[1] Silvio Micali, et al. Computationally Private Information Retrieval with Polylogarithmic Communication, 1999, EUROCRYPT.

[2] Russell Impagliazzo, et al. One-way functions are essential for complexity based cryptography, 1989, 30th Annual Symposium on Foundations of Computer Science.

[3] Oded Goldreich, et al. Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity, 1988, SIAM J. Comput.

[4] Joan Feigenbaum, et al. Hiding Instances in Multioracle Queries, 1990, STACS.

[5] Elizabeth D. Mann. Private access to distributed information, 1998.

[6] Martín Abadi, et al. On hiding information from an oracle, 1987, J. Comput. Syst. Sci.

[7] Oded Goldreich, et al. Foundations of Cryptography (Fragments of a Book), 1995.

[8] Silvio Micali, et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.

[9] Yuval Ishai, et al. Improved upper bounds on information-theoretic private information retrieval, 1999, STOC 1999.

[10] Rafail Ostrovsky, et al. Single Database Private Information Retrieval Implies Oblivious Transfer, 2000, EUROCRYPT.

[11] Niv Gilboa, et al. Computationally private information retrieval (extended abstract), 1997, STOC '97.

[12] Yuval Ishai, et al. Improved upper bounds on information-theoretic private information retrieval (extended abstract), 1999, STOC '99.

[13] Andrew Chi-Chih Yao, et al. Theory and application of trapdoor functions, 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[14] Thomas M. Cover, et al. Elements of Information Theory, 2005.

[15] Rafail Ostrovsky, et al. Universal service-providers for database private information retrieval (extended abstract), 1998, PODC '98.

[16] Johan Håstad, et al. Construction of a pseudo-random generator from any one-way function, 1989.

[17] Rafail Ostrovsky, et al. One-way functions are essential for non-trivial zero-knowledge, 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[18] Michael Luby, et al. Pseudorandomness and cryptographic applications, 1996, Princeton computer science notes.

[19] Yuval Ishai, et al. Protecting data privacy in private information retrieval schemes, 1998, STOC '98.

[20] Claude Crépeau, et al. Equivalence Between Two Flavours of Oblivious Transfers, 1987, CRYPTO.

[21] Martín Abadi, et al. On hiding information from an oracle, 1987, STOC '87.

[22] Eyal Kushilevitz, et al. Communication Complexity, 1997, Adv. Comput.

[23] Oded Goldreich, et al. A Note on Computational Indistinguishability, 1990, Inf. Process. Lett.

[24] Russell Impagliazzo, et al. Limits on the provable consequences of one-way permutations, 1988, STOC '89.

[25] Eyal Kushilevitz, et al. Private information retrieval, 1998, JACM.

[26] Rafail Ostrovsky, et al. Private information storage (extended abstract), 1997, STOC '97.

[27] Andris Ambainis, et al. On Lower Bounds for the Communication Complexity of Private Information Retrieval, 2000.

[28] Rafail Ostrovsky, et al. Private Information Storage, 1996, IACR Cryptol. ePrint Arch.

[29] John Rompel, et al. One-way functions are necessary and sufficient for secure signatures, 1990, STOC '90.

[30] Leonid A. Levin, et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[31] Joan Feigenbaum, et al. Security with Low Communication Overhead, 1990, CRYPTO.

[32] Rafail Ostrovsky, et al. Replication is not needed: single database, computationally-private information retrieval, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[33] Tal Malkin, et al. A Random Server Model for Private Information Retrieval or How to Achieve Information Theoretic PIR Avoiding Database Replication, 1998, RANDOM.