Private Information Retrieval with Sublinear Online Time

We present the first protocols for private information retrieval that allow fast (sublinear-time) database lookups without increasing the server-side storage requirements. To achieve these efficiency goals, our protocols work in an offline/online model. In an offline phase, which takes place before the client has decided which database bit it wants to read, the client fetches a short string from the servers. In a subsequent online phase, the client can privately retrieve its desired bit of the database by making a second query to the servers. By pushing the bulk of the server-side computation into the offline phase (which is independent of the client’s query), our protocols allow the online phase to complete very quickly—in time sublinear in the size of the database. Our protocols can provide statistical security in the two-server setting and computational security in the single-server setting. Finally, we prove that, in this model, our protocols are optimal in terms of the trade-off they achieve between communication and running time.
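To make the offline/online model concrete, here is a toy two-server scheme written for this page as an added example; it is not the protocol from the paper and achieves none of the paper's efficiency bounds for hint size. It assumes two non-colluding servers holding the same bit database `db`, a hint consisting of random index sets of size about sqrt(n) together with each set's parity, and that every hint set is used for at most one query. The offline server never learns the index; the online server sees a set whose distribution is independent of the queried index, at the cost of a small, index-independent chance that the client fails to recover its bit. All function and class names (`sample_hint_sets`, `offline_server`, `online_server`, `Client`, `run_demo`) are this example's own.

```python
"""Toy two-server offline/online PIR (added example, not the paper's protocol).

Offline: before it knows which bit it wants, the client sends random index sets
to the offline server and stores the parity of each set (the hint).
Online: the client sends one set of size sqrt(n)-1 to the online server, which
answers with a parity computed in time sublinear in n.
Assumptions (this example's, not the paper's): non-colluding servers with the
same database, one-time use of every hint set, set size sqrt(n).
"""
import math
import random


def set_size(n):
    """Size of each hint set; sqrt(n) makes the online work O(sqrt(n))."""
    return max(2, math.isqrt(n))


def sample_hint_sets(n, rng):
    """Client, offline: k = sqrt(n)*ln(n) uniform sqrt(n)-subsets of [n].

    A fixed index is left uncovered with probability about (1-s/n)^k ~ 1/n.
    """
    s = set_size(n)
    k = int(math.ceil(math.sqrt(n) * math.log(n)))
    return [frozenset(rng.sample(range(n), s)) for _ in range(k)]


def offline_server(db, sets):
    """Offline server: one linear pass per set, independent of any query index."""
    return [sum(db[x] for x in s) % 2 for s in sets]


def online_server(db, query_set):
    """Online server: parity over sqrt(n)-1 entries, i.e. sublinear work."""
    return sum(db[x] for x in query_set) % 2


class Client:
    def __init__(self, n, rng):
        self.n = n
        self.rng = rng
        self.sets = sample_hint_sets(n, rng)   # sent to the offline server
        self.parities = None                   # filled in by store_hint

    def store_hint(self, parities):
        self.parities = list(parities)

    def query(self, i):
        """Return (query_set, state) for index i.

        The set sent is a uniform (s-1)-subset of [n] whatever i is: a uniform
        s-subset containing i minus i is uniform among sets avoiding i, so with
        probability (s-1)/n the client instead drops a random non-i element,
        which is uniform among sets containing i. The mixture is uniform.
        """
        n, s = self.n, set_size(self.n)
        for j, S in enumerate(self.sets):
            if i in S:
                # consume the hint set: reusing it would correlate two queries
                self.sets.pop(j)
                h = self.parities.pop(j)
                if self.rng.random() < (s - 1) / n:
                    r = self.rng.choice(sorted(S - {i}))
                    return S - {r}, ("miss", None)   # deliberate, unrecoverable
                return S - {i}, ("hit", h)
        # No stored set covers i: send a dummy uniform set so the online server
        # still learns nothing, and report the failure locally.
        dummy = frozenset(self.rng.sample(range(n), s - 1))
        return dummy, ("miss", None)

    def recover(self, answer, state):
        kind, h = state
        if kind != "hit":
            return None
        return h ^ answer        # parity(S) xor parity(S \ {i}) = db[i]


def run_demo(n=4096, queries=200, seed=7):
    """Run the full exchange on a constructed random database.

    Returns (hits, misses, wrong): wrong is always 0, misses is small and
    index-independent, and every online query touches exactly sqrt(n)-1 cells.
    """
    rng = random.Random(seed)
    db = [rng.randrange(2) for _ in range(n)]          # constructed sample data
    client = Client(n, random.Random(seed + 1))
    client.store_hint(offline_server(db, client.sets))  # offline phase
    hits = misses = wrong = 0
    for _ in range(queries):
        i = rng.randrange(n)
        q, state = client.query(i)                       # online phase
        assert len(q) == set_size(n) - 1
        bit = client.recover(online_server(db, q), state)
        if bit is None:
            misses += 1
        elif bit == db[i]:
            hits += 1
        else:
            wrong += 1
    return hits, misses, wrong


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner should keep in mind. First, the hint here is large (k sets of sqrt(n) indices each), so this toy does not deliver the short offline string the abstract promises; how the paper's constructions shrink the hint is not shown on this page. Second, the index-independence argument relies on each hint set being consumed exactly once and on the failure branch being taken with the stated probability; a client that skipped the deliberate-miss branch to avoid the failure rate would send sets that never contain i and would leak that fact to the online server.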