One-Way Trapdoor Permutations Are Sufficient for Non-trivial Single-Server Private Information Retrieval

We show that general one-way trapdoor permutations are sufficient to privately retrieve an entry from a database of size n with total communication complexity strictly less than n. More specifically, we present a protocol in which the user sends O(K2) bits and the server sends n - cn/K bits (for any constant c), where K is the security parameter of the trapdoor permutations. Thus, for sufficiently large databases (e.g., when K = nƐ for some small Ɛ) our construction breaks the information-theoretic lower-bound (of at least n bits). This demonstrates the feasibility of basing single-server private information retrieval on general complexity assumptions. An important implication of our result is that we can implement a 1-out-of- n Oblivious Transfer protocol with communication complexity strictly less than n based on any one-way trapdoor permutation.

[1]  Yuval Ishai,et al.  Improved upper bounds on information-theoretic private information retrieval (extended abstract) , 1999, STOC '99.

[2]  Niv Gilboa,et al.  Computationally private information retrieval (extended abstract) , 1997, STOC '97.

[3]  Rafail Ostrovskyy,et al.  Secure Commitment Against A Powerful AdversaryA security primitive based on average intractability , 1992 .

[4]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[5]  Nathan Linial,et al.  Fault-tolerant computation in the full information model , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[6]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.

[7]  Rafail Ostrovsky,et al.  Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract) , 1992, CRYPTO.

[8]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[9]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[10]  Tal Malkin,et al.  A Random Server Model for Private Information Retrieval or How to Achieve Information Theoretic PIR Avoiding Database Replication , 1998, RANDOM.

[11]  Yuval Ishai,et al.  Improved upper bounds on information-theoretic private information retrieval , 1999, STOC 1999.

[12]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[13]  Yuval Ishai,et al.  One-way functions are essential for single-server private information retrieval , 1999, STOC '99.

[14]  Claude Crépeau,et al.  Equivalence Between Two Flavours of Oblivious Transfers , 1987, CRYPTO.

[15]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[16]  Joe Kilian,et al.  A general completeness theorem for two party games , 1991, STOC '91.

[17]  M. Naor,et al.  Perfect zero-knowledge ar-guments for NP can be based on general complexity assumptions , 1998 .

[18]  Ivan Damgård,et al.  Interactive Hashing can Simplify Zero-Knowledge Protocol Design Without Computational Assumptions (Extended Abstract) , 1993, CRYPTO.

[19]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[20]  Oded Goldreich,et al.  Foundations of Cryptography (Fragments of a Book) , 1995 .

[21]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[22]  Johan Hstad,et al.  Construction of a pseudo-random generator from any one-way function , 1989 .

[23]  Nathan Linial,et al.  Fault-Tolerant Computation in the Full Information Model , 1998, SIAM J. Comput..

[24]  Julien P. Stern A new and efficient all-or-nothing disclosure of secrets protocol , 1998 .

[25]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[26]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[27]  Rafail Ostrovsky,et al.  Private Information Storage , 1996, IACR Cryptol. ePrint Arch..

[28]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[29]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[30]  Gilles Brassard,et al.  All-or-Nothing Disclosure of Secrets , 1986, CRYPTO.

[31]  Rafail Ostrovsky,et al.  Universal service-providers for database private information retrieval (extended abstract) , 1998, PODC '98.

[32]  Julien P. Stern A New Efficient All-Or-Nothing Disclosure of Secrets Protocol , 1998, ASIACRYPT.

[33]  Rafail Ostrovsky,et al.  Fair Games against an All-Powerful Adversary , 1990, Advances In Computational Complexity Theory.

[34]  Ernest F. Brickell,et al.  Advances in Cryptology — CRYPTO’ 92 , 2001, Lecture Notes in Computer Science.

[35]  Rafail Ostrovsky,et al.  Single Database Private Information Retrieval Implies Oblivious Transfer , 2000, EUROCRYPT.

[36]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[37]  Andris Ambainis,et al.  On Lower Bounds for the Communication Complexity of Private Information Retrieval ∗ , 2000 .

[38]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[39]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[40]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[41]  Rafail Ostrovsky,et al.  Interactive Hashing Simplifies Zero-Knowledge Protocol Design , 1994, EUROCRYPT.

[42]  Claude Crépeau,et al.  Oblivious transfer with a memory-bounded receiver , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[43]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[44]  Rafail Ostrovsky,et al.  One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[45]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[46]  Joan Feigenbaum,et al.  A Note On One-Prover, Instance-Hiding Zero-Knowledge Proof Systems , 1991, ASIACRYPT.

[47]  Hideki Imai,et al.  Advances in Cryptology — ASIACRYPT '91 , 1991, Lecture Notes in Computer Science.

[48]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[49]  Amit Sahai,et al.  Many-to-One Trapdoor Functions and Their Ralation to Public-Key Cryptosystems , 1998, CRYPTO.

[50]  Rafail Ostrovsky,et al.  Private information storage (extended abstract) , 1997, STOC '97.

[51]  Rafail Ostrovsky,et al.  Secure Commitment Against A Powerful Adversary , 1992, STACS.

[52]  Elizabeth D Mann Private access to distributed information , 1998 .