Reducing the Servers Computation in Private Information Retrieval: PIR with Preprocessing

Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al., and since then efficient protocols with sub-linear communication were suggested. However, in all these protocols the servers' computation for each retrieval is at least linear in the size of the entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the model of PIR with preprocessing: before the execution of the protocol each server may compute and store polynomially-many information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant k ≥ 2, a k-server protocol with $O(n^{1/(2k-1)})$ communication and $O(n/\log^{2k-2} n)$ work, and for any constants k ≥ 2 and ε > 0 a k-server protocol with $O(n^{1/k+\varepsilon})$ communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an off-line stage.
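To make the standard model concrete, the following added example (not code from the paper) runs the simple two-server XOR scheme with linear communication, not the paper's preprocessing construction. Each server sees a uniformly random subset, yet has to read about half of the database per query; the function names and the work counter are assumptions made for this illustration.

```python
import secrets

def make_queries(n, i):
    """User: two subsets of [n], as bit vectors, whose symmetric difference is {i}."""
    s1 = [secrets.randbits(1) for _ in range(n)]  # uniformly random subset
    s2 = list(s1)
    s2[i] ^= 1            # flip membership of i; s2 alone is still uniformly random
    return s1, s2

def server_answer(db, query):
    """Server: XOR of the selected database bits.
    Also returns how many database bits were read, to expose the per-query work."""
    bit, reads = 0, 0
    for x, selected in zip(db, query):
        if selected:
            bit ^= x
            reads += 1
    return bit, reads

def retrieve(db, i):
    """Run one retrieval against two non-colluding replicas of db."""
    q1, q2 = make_queries(len(db), i)
    a1, r1 = server_answer(db, q1)
    a2, r2 = server_answer(db, q2)
    # All bits except db[i] appear in both answers and cancel under XOR.
    return a1 ^ a2, (r1, r2)

if __name__ == "__main__":
    db = [secrets.randbits(1) for _ in range(1024)]   # constructed sample database
    bit, reads = retrieve(db, 700)
    print("retrieved bit correct:", bit == db[700])
    print("database bits read by each server:", reads)  # roughly n/2 each
```

Without stored extra information, a server cannot skip positions here: which bits it must read is dictated by a random query, which is the cost the preprocessing model targets.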
