A Unified Approach to Deterministic Encryption: New Constructions and a Connection to Computational Entropy (Abstract)

An information-theoretic private information retrieval (PIR) protocol allows a client to retrieve the i-th bit of a database, held by two or more servers, without revealing information about i to any individual server. Information-theoretic PIR protocols are closely related to locally decodable codes (LDCs), which are error-correcting codes that can simultaneously offer a high level of robustness and sublinear-time decoding of each bit of the encoded message. Recent breakthrough results of Yekhanin (STOC 2007) and Efremenko (STOC 2009) have led to a dramatic improvement in the asymptotic complexity of PIR and LDCs. We suggest a new "cryptographic" perspective on these recent constructions, which is based on a general notion of share conversion in secret-sharing schemes that may be of independent interest. Our new perspective gives rise to a clean framework which unifies previous constructions and generalizes them in several directions. In a nutshell, we use the following two-step approach: (1) apply share conversion to get a low-communication secure multiparty computation protocol P for a nontrivial class F of low-depth circuits; (2) use a lower bound on the VC dimension of F to get a good PIR protocol from P. Our framework reduces the task of designing good PIR protocols to that of finding powerful forms of share conversion which support circuit classes of high VC dimension. Motivated by this framework, we study the general power of share conversion and obtain both positive and negative results. Our positive results improve the concrete complexity of PIR even for very feasible real-life parameters. They also lead to some improvements in the asymptotic complexity of the best previous PIR and LDC constructions. For 3-server PIR, we improve the asymptotic communication complexity from O(2^{√(log n log log n)}) to O(2^{√(log n log log n)}) bits, where n is the database size. Our negative results on share conversion establish some limitations on the power of our approach.
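To make the PIR definition in the abstract concrete, the following is an added example (not code from the paper, and not its share-conversion construction): the classic two-server XOR scheme of Chor, Goldreich, Kushilevitz and Sudan, which has linear (2n-bit) communication rather than the subpolynomial cost the abstract is about. The client sends a uniformly random subset of positions to server 0 and the same subset with position i flipped to server 1; each server answers with the XOR of the selected bits, and the two answers XOR to the i-th bit. The database and the index are constructed sample inputs, and the privacy and collusion checks are assumptions about what a practitioner would want to verify, not anything the paper states.

```python
"""Two-server information-theoretic PIR (classic XOR scheme).
Added illustration; not the construction described in the abstract."""
import random
import secrets


def make_query(n, i, rng=None):
    """Client side: choose a uniformly random 0/1 mask over the n positions,
    send it to server 0, and send the same mask with bit i flipped to server 1.
    Each mask on its own is uniformly random, whatever i is."""
    rng = rng or secrets.SystemRandom()
    if not 0 <= i < n:
        raise ValueError("index out of range")
    q0 = [rng.getrandbits(1) for _ in range(n)]
    q1 = q0[:]
    q1[i] ^= 1
    return q0, q1


def answer(db, mask):
    """Server side: XOR of the database bits whose mask bit is 1.
    The server sees only a random subset and learns nothing about i."""
    if len(db) != len(mask):
        raise ValueError("mask length must match database length")
    acc = 0
    for bit, sel in zip(db, mask):
        acc ^= bit & sel
    return acc


def reconstruct(a0, a1):
    """XOR over S and XOR over S with position i toggled differ in exactly db[i]."""
    return a0 ^ a1


def retrieve(db, i, rng=None):
    """One full protocol run against two identical, non-colluding copies.
    Communication: 2n bits of queries up, 2 bits of answers down."""
    q0, q1 = make_query(len(db), i, rng)
    return reconstruct(answer(db, q0), answer(db, q1))


def query_bit_frequency(n, i, server, trials, seed=0):
    """Empirical privacy check (assumption: this is the statistic one would
    inspect): how often the mask seen by one server selects position i.
    For a private scheme this is about 1/2 for every i, so the selection
    pattern carries no information about the target index."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        hits += make_query(n, i, rng)[server][i]
    return hits / trials


def colluding_servers_learn_index(q0, q1):
    """Caveat: privacy holds against any single server only.  Two colluding
    servers XOR their masks and read i off directly."""
    diff = [a ^ b for a, b in zip(q0, q1)]
    return diff.index(1)


# Constructed sample database (64 bits), not taken from the paper.
SAMPLE_DB = [int(c) for c in "1101001110110100" * 4]

if __name__ == "__main__":
    for idx in (0, 5, 63):
        got = retrieve(SAMPLE_DB, idx)
        print(f"db[{idx}] = {got}, correct: {got == SAMPLE_DB[idx]}")
    print("server 0 selects target with frequency",
          query_bit_frequency(64, 5, 0, 2000))
    print("server 1 selects target with frequency",
          query_bit_frequency(64, 5, 1, 2000))
    q0, q1 = make_query(64, 17)
    print("colluding servers recover index", colluding_servers_learn_index(q0, q1))
```

The scheme is the baseline that the Yekhanin/Efremenko line of work and the share-conversion framework improve on: correctness is trivial, privacy is information-theoretic against one server, but each query costs n bits and the whole guarantee collapses as soon as the two servers compare notes.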
The paper was presented at the 27th IEEE Conference on Computational Complexity, 2012, in Porto, Portugal. This research was supported by ERC Starting Grant 259426. The first and fourth authors are additionally supported by ISF grant 938/09 and by the Frankel Center for Computer Science. The second and third authors are additionally supported by ISF grant 1361/10 and BSF grant 2008411.

Almost-Everywhere Secure Computation with Edge Corruptions (Abstract)

Nishanth Chandran, Juan Garay, and Rafail Ostrovsky (3,†)
1 Microsoft Research, Redmond
2 AT&T Labs – Research
3 Departments of Computer Science and Mathematics, UCLA

Abstract. We consider secure multi-party computation (MPC) in a setting where the adversary can separately corrupt not only the parties (nodes) but also the communication channels (edges) in the network. We consider this question in the information-theoretic setting, and require security against a computationally unbounded adversary. In a fully connected network the above question is simple (and we also provide an answer that is optimal up to a constant factor). What makes the problem more challenging is to consider the case of sparse networks. Partially connected networks are far more realistic than fully connected networks, which led Garay and Ostrovsky [Eurocrypt'08] to formulate the notion of (unconditional) almost-everywhere (a.e.) secure computation in the node-corruption model, i.e., a model in which not all pairs of nodes are connected by secure channels and the adversary can corrupt some of the nodes (but not the edges). In this work we introduce the notion of almost-everywhere secure computation with edge corruptions, which is exactly the same problem as described above, except that we additionally allow the adversary to completely control some of the communication channels between two correct nodes, i.e., to "corrupt" edges in the network. While it is easy to see that an a.e. secure computation protocol for the original node-corruption model is also an a.e. secure computation protocol tolerating edge corruptions (albeit for a reduced fraction of edge corruptions with respect to the bound for node corruptions), no polynomial-time protocol is known in the case where a constant fraction of the edges can be corrupted (i.e., the maximum that can be tolerated) and the degree of the network is sub-linear. We make progress on this front, by constructing graphs of degree O(n ) (for arbitrary constant 0 < < 1) on which we can run a.e. secure computation protocols tolerating a constant fraction of adversarial edges.

A version of this paper entitled "Edge Fault Tolerance on Sparse Networks" appears in the Proceedings of the 39th International Colloquium on Automata, Languages and Programming (ICALP 2012). The full version of this paper is available at http://eprint.iacr.org/2012/221.
Email: nish@microsoft.com. Part of this work was done at UCLA.
Email: garay@research.att.com.
† Email: rafail@cs.ucla.edu.

Improving the Quality of Santha-Vazirani

[1] H. Vincent Poor et al. An information-theoretic approach to privacy. 48th Annual Allerton Conference on Communication, Control, and Computing (Allerton), 2010.

[2] Leonid Reyzin et al. A Unified Approach to Deterministic Encryption: New Constructions and a Connection to Computational Entropy. TCC, 2012.

[3] Roger Colbeck et al. Free randomness can be amplified. Nature Physics, 2011.