Public-Key Locally-Decodable Codes

In this paper we introduce the notion of a Public-Key Encryption Scheme that is also a Locally-Decodable Error-Correcting Code (PKLDC). In particular, we allow any polynomial-time adversary to read the entire ciphertext, and corrupt a constant fraction of the bits of the entireciphertext. Nevertheless, the decoding algorithm can recover any bit of the plaintext with all but negligible probability by reading only a sublinear number of bits of the (corrupted) ciphertext. We give a general construction of a PKLDC from any Semantically-Secure Public Key Encryption (SS-PKE) and any Private Information Retrieval (PIR) protocol. Since Homomorphic encryption implies PIR, we also show a reduction from any Homomorphic encryption protocol to PKLDC. Applying our construction to the best known PIR protocol (that of Gentry and Ramzan), we obtain a PKLDC, which for messages of size nand security parameter kachieves ciphertexts of size $\mathcal{O}(n)$, public key of size $\mathcal{O}(n+k)$, and locality of size $\mathcal{O}(k^2)$. This means that for messages of length n= i¾?(k2 + i¾?), we can decode a bit of the plaintext from a corrupted ciphertext while doing computation sublinear in n.

[1]  Rafail Ostrovsky,et al.  A Survey of Single-Database Private Information Retrieval: Techniques and Applications , 2007, Public Key Cryptography.

[2]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[3]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[4]  Yuval Ishai,et al.  Sufficient Conditions for Collision-Resistant Hashing , 2005, TCC.

[5]  Richard J. Lipton,et al.  A New Approach To Information Theory , 1994, STACS.

[6]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[7]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[8]  Rafail Ostrovsky,et al.  Private Locally Decodable Codes , 2007, ICALP.

[9]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[10]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[11]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[12]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[13]  Rafail Ostrovsky,et al.  Batch codes and their applications , 2004, STOC '04.

[14]  Silvio Micali,et al.  Optimal Error Correction Against Computationally Bounded Noise , 2005, TCC.

[15]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[16]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[17]  Craig Gentry,et al.  Single-Database Private Information Retrieval with Constant Communication Rate , 2005, ICALP.

[18]  Yan-Cheng Chang,et al.  Single Database Private Information Retrieval with Logarithmic Communication , 2004, ACISP.

[19]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[20]  Jonathan Katz,et al.  On the efficiency of local decoding procedures for error-correcting codes , 2000, STOC '00.

[21]  Sergey Yekhanin,et al.  Towards 3-query locally decodable codes of subexponential length , 2008, JACM.

[22]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[23]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[24]  Josh Benaloh,et al.  Dense Probabilistic Encryption , 1999 .

[25]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[26]  Jacques Stern,et al.  A new public key cryptosystem based on higher residues , 1998, CCS '98.