Private Information Storage

We consider the setting of hiding information through the use of multiple databases that do not interact with one another. In this setting, there are k 2 \databases" which can be accessed by some \users". Users do not keep any state information, but wish to access O(n) bits of \data". Previously, in this setting solutions for retrieval of data in the eecient manner were given, where a user achieves this by interacting with all the databases. We consider the case of both writing and reading. While the case of reading was well studied before, the case of writing was previously completely open. In this paper, we show how to implement both read and write operations, with the following strong security guarantees: all the information about the read/write operation is information-theoretically hidden from all the databases (i.e. both the value of the bit and the address of the bit). As in the previous papers, we measure, as a function of k and n the amount of communication required between a user and all the databases for a single read/write operation, and achieve eecient read/write schemes. Moreover, we show a general reduction from reading database scheme to reading and writing database scheme, with the following guarantees: for any k, given a retrieval only k-database scheme with communication complexity R(k; n) we show a (k + 1) reading and writing database scheme with total communication complexity O R(k; n) (log n) O(1). Our general reduction in combination with the paper of Chor,Goldreich,Kushilevtiz,Sudan] yields: a 3-database scheme with read/write communication complexity of O n 1=3 (log n) 3 ; for all constants k 2, a (k + 1)-database scheme with read/write communication complexity of O n 1=k (log n) 3 ; O(log n)-database scheme with read/write communication complexity of O ? (log n) 3. It should be stressed that prior to the current paper no trivial (i.e. sub-linear) bounds for private information storage were known. Moreover, our result yields a solution to the problem of information-theoretically secure Oblivious RAM simulation with poly-log overhead in the above setting. Our result also implies that eecient instance-hiding schemes where the state can be altered are possible.

[1]  Joan Feigenbaum,et al.  Security with Low Communication Overhead , 1990, CRYPTO.

[2]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, CSUR.

[3]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[4]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[5]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[6]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[7]  Silvio Micali,et al.  Fair Public-Key Cryptosystems , 1992, CRYPTO.

[8]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[9]  Martín Abadi,et al.  On hiding information from an oracle , 1987, STOC '87.

[10]  Andris Ambainis,et al.  On Lower Bounds for the Communication Complexity of Private Information Retrieval ∗ , 2000 .

[11]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[12]  Ronald L. Rivest,et al.  ON DATA BANKS AND PRIVACY HOMOMORPHISMS , 1978 .

[13]  GoldreichOded,et al.  Software protection and simulation on oblivious RAMs , 1996 .

[14]  Avi Wigderson,et al.  Multi-prover interactive proofs: how to remove intractability assumptions , 2019, STOC '88.

[15]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[16]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).