One (Block) Size Fits All: PIR and SPIR with Variable-Length Records via Multi-Block Queries

We propose a new, communication-efficient way for users to fetch multiple blocks simultaneously in Goldberg’s robust information-theoretic private information retrieval (IT-PIR) scheme. Our new multi-block IT-PIR trades off some Byzantine robustness to improve throughput without affecting user privacy. By taking advantage of the recent Cohn-Heninger multi-polynomial list decoding algorithm, we show how realistic parameter choices enable the user to retrieve several blocks without increasing the communication or computation costs beyond what is required to retrieve a single block, and argue that the resulting scheme still maintains essentially optimal Byzantine robustness in practice. We also derive optimal parameters for our construction, which yields communication costs within a small factor of the lowest possible. With our new multi-block IT-PIR protocol as a starting point, we construct four new symmetric PIR (SPIR) protocols that each support variable-length database records. By decoupling the PIR block size from the lengths of individual database records, we are free to fix the block size to its communication-optimal value without artificially restricting the contents and layout of the records. Moreover, it is straightforward to augment three of our four new SPIR constructions with efficient zero-knowledge proofs about the particular records a user is requesting in a given query; this makes it easy to implement pricing and access control structures over the records using standard techniques from the literature. The resulting SPIR protocols are therefore well suited to privacy-preserving e-commerce applications, such as privacy-friendly sales of e-books, music, movies, or smart phone and tablet apps.
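To make the multi-block idea concrete, here is a small added example (not code from the paper) of a q-block, t-private query over a toy GF(P) database with ℓ honest servers at points x = 1..ℓ. The encoding is my reconstruction of the idea: each per-index polynomial has degree t+q-1 and takes the value of the k-th unit vector at a dedicated point omega_k, so every server still receives n field elements and returns one block-sized vector (the single-block cost), while the higher degree leaves fewer surplus responses for Byzantine error correction, which is not implemented here.

```python
import random

P = 65537   # prime field GF(P); every database word is an element of GF(P)

def lagrange_at(xs, ys, x):
    """Evaluate at x the unique polynomial of degree < len(xs) through (xs[i], ys[i]) mod P."""
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def make_queries(n, wanted, t, ell):
    """Client: polynomials f_j of degree t+q-1 with f_j(omega_k) = 1 iff j == wanted[k];
    server s (x = s+1) gets f_j(s+1). Any t shares are uniformly random, so the query is t-private."""
    q = len(wanted)
    omegas = [P - 1 - k for k in range(q)]              # block-k evaluation points, never a server point
    shares = [[0] * n for _ in range(ell)]
    for j in range(n):
        e = [1 if j == idx else 0 for idx in wanted]    # row j of the q stacked unit vectors
        r = [random.randrange(P) for _ in range(t)]     # random blinding polynomial, degree t-1
        for s in range(ell):
            x = s + 1
            z = 1
            for om in omegas:                           # Z(x) = prod (x - omega_k) vanishes at every omega_k
                z = z * (x - om) % P
            rx = sum(c * pow(x, d, P) for d, c in enumerate(r)) % P
            shares[s][j] = (lagrange_at(omegas, e, x) + z * rx) % P
    return shares, omegas

def server_answer(db, share):
    """Server: word-wise dot product of its share vector with the whole database (oblivious to the indices)."""
    return [sum(share[j] * db[j][w] for j in range(len(db))) % P for w in range(len(db[0]))]

def recover(answers, omegas):
    """Client: each answer word is a degree-(t+q-1) polynomial in the server point;
    interpolate it from ell >= t+q honest answers and read block k off at omega_k."""
    xs = [s + 1 for s in range(len(answers))]
    return [[lagrange_at(xs, [a[w] for a in answers], om) for w in range(len(answers[0]))] for om in omegas]

def run(db, wanted, t, ell):
    shares, omegas = make_queries(len(db), wanted, t, ell)
    answers = [server_answer(db, shares[s]) for s in range(ell)]
    return recover(answers, omegas)   # the q requested blocks, in the order of `wanted`
```

Correct recovery needs ell >= t+q responses; with a single block (q = 1) the construction collapses to the ordinary degree-t sharing.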
