First CPIR Protocol with Data-Dependent Computation

We design a new (n, 1)-CPIR protocol BddCpir for l-bit strings as a combination of a noncryptographic (BDD-based) data structure and a more basic cryptographic primitive (communication-efficient (2, 1)-CPIR). BddCpir is the first CPIR protocol where the server's online computation depends substantially on the concrete database. We then show that (a) for reasonably small values of l, BddCpir is guaranteed to have simultaneously log-squared communication and sublinear online computation, and (b) BddCpir can handle huge but sparse matrices, common in data-mining applications, significantly more efficiently than all previous protocols. The security of BddCpir can be based on the well-known Decisional Composite Residuosity assumption.
