Optimal Rate Private Information Retrieval from Homomorphic Encryption

Abstract. We consider the problem of minimizing the communication in single-database private information retrieval protocols in the case where the length of the data to be transmitted is large. We present the first rate-optimal protocols for 1-out-of-n computationally-private information retrieval (CPIR), oblivious transfer (OT), and strong conditional oblivious transfer (SCOT). These protocols are based on a new optimal-rate leveled homomorphic encryption scheme for large-output polynomial-size branching programs, which might be of independent interest. The analysis of the new scheme is intricate: the optimal rate is achieved if a certain parameter s is set equal to the only positive root of a degree-(m + 1) polynomial, where m is the length of the branching program. We show, by using Galois theory, that even when m = 4, this polynomial cannot be solved in radicals. We employ the Newton-Puiseux algorithm to find a Puiseux series for s, and based on this, propose a Θ(log m)-time algorithm to find an integer approximation to s.
