1 / 20

Private Information Retrieval

Private Information Retrieval. Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date : 2003/10/14. Outline. Motivation Introduction Formal Model & Definition Notation A Basic Two-Server Scheme

tevin
Télécharger la présentation

Private Information Retrieval

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date : 2003/10/14

  2. Outline • Motivation • Introduction • Formal Model & Definition • Notation • A Basic Two-Server Scheme • A Multi-Server Scheme • Conclusion

  3. Motivation • In e-commerce the protection of user privacy was not considered feasible until PIR problem was stated(Private Information Retrieve 36th IEEE FOCS , pp.41~50,1995) • Rough Def of Private Information Retrieve(PIR) • A PIR protocol allows a user to retrieve a record from a database while hiding the identity of the record from a database server

  4. Motivation • Where did the need for PIR come from • Patent(專利) Databases • If the patent server knows which patent the user is interested in , this could cause a lot of problem • Pharmaceutical(製藥) Databases • To hide the plans of the company drug designers buy the entire Pharmaceutical Database

  5. Introduction • Consider a user makes a query to a database • A lot of research was devoted to methods to protect the database against a curious user • But there are no methods to protect the privacy of the user(before 1995) • However, it is not difficult to prove that if the user wants to keep its privacy, the only thing he can do is to ask for a copy of the whole database --- it is unacceptable

  6. Introduction • Because the rapid development of distributed databases and fast communication network,it may be possible to make queries to several servers such that from the answers the desired information can be obtainedwhile each server get no information on the identity of the item the user is interested • Assumption • The database is a binary string x = x1x2…xn of length n • Identical copies of this string are stored by k >= 2 servers • The user is interested in the value of bit xi

  7. Introduction • Private Information Retrieval Scheme : The user queries each of the k servers and gets replies from which the desired bit xican be computed. The query to each server is distributed independently of i and therefore each server gains no information about i. A scheme with these properties is called a Private Information Retrieval scheme

  8. Introduction • Two server scheme with communication complexity O(n1/3) • Scheme of k servers with communication complexity O(n1/k)  O(n1/(2k-1)) • A scheme for 1/3*log2n+1 servers with total communication complexity 1/3*(1+O(1))*(log2n)2*log2log2(2n) (Ref : Private Information Retrieve 36th IEEE FOCS , pp.41~50,1995)

  9. Formal Model & Definition • Index i [n] => {1,2,3,…,n} • Random input r of length Lrnd • Produces k queries of length Lq to k servers: Q1(i,r),…,Qk(i,r) • The servers respond A1,…,Ak of lengthLa according to the content of X and the corresponding query • The userreconstructs the desired bit xi from these k replies

  10. Formal Model & Definition • Definition 1A k-servers Private Information Retrieval(PIR) scheme for database length n consists of • k query functions Q1,…,Qk : [n] x {0,1}Lrnd {0,1}Lq • k answer functions, A1,…,Ak : {0,1}nx {0,1}Lq {0,1}Lq • a reconstruction function ,R : [n] x {0,1}nx {0,1}Lrndx ({0,1}La)k {0,1} • These functions should satisfy Correctness & Privacy

  11. Formal Model & Definition • Correctness : For every x {0,1}n, i [n], and r {0,1}Lrnd • R(i,r, A1(x,Q1(i,r)),…,Ak(x,Qk(i,r))) = xi • Privacy : For every i,j [n], s [k], and q {0,1}Lq • Pr(Qs(i,r) = q) = Pr(Qs(j,r) = q) • where the probabilities are taken over uniformly chosen r {0,1}Lrnd • Extensions : PIR of Blocks • Single Bit PIR Schemes

  12. Notation • Notation : the following notations throughout the paper • U : a user • SRV1,…,SRVk : the servers • x = x1…xn a string in {0,1}n, known to each server representing the database • i : the index in x in which U is interested • [m] => {1,2,…,m} • For a set S and an element a let Sa => S Ù{a} if a S = > S \ {a} if a S

  13. A Basic Two-Server Scheme • The steps of the scheme are as below : • The user uniformly selects a random set S [n] • The user sends S to SRV1 and S i to SRV2 • Each server replies with a single bit which is the Exclusive OR of the bits with indices from SRV1,2 (SRV1 replies with jS xj SRV2 replies with jS i xj ) • The user Exclusive OR all the answers it has received thus retrieving the desired bit xi

  14. A Basic Two-Server Scheme • The steps of the scheme are as below : • The user uniformly selects a random set S [n] • The user sends S to SRV1 and S i to SRV2 • Each server replies with a single bit which is the Exclusive OR of the bits with indices from SRV1,2 (SRV1 replies with jS xj SRV2 replies with jS i xj ) • The user Exclusive OR all the answers it has received thus retrieving the desired bit xi

  15. A Basic Two-Server Scheme (Example) • User randomly choice S = {5,15,47} (n=100 , index i = 15, Si = {5,47}) SRV1 SRV2 (3)x5x15x47 (1) S ={5,15,47} (2) Si ={5,47} (4) x5x47

  16. A Basic Two-Server Scheme (Example) • User compute the desired bit xi • (SRV1 ) (SRV2 )

  17. A Multi-Server Scheme • A scheme for any number k≧2 servers • The scheme allows the user to obtain the desired bit by asking queries to k =2d servers. For any d≧1, it requires total communication complexity of 2d * (d * n1/d + 1) • The key idea is to associate [n] with the d dimensional cube [L]d and generalize the two-server scheme which may be viewed as the 1-dimensional case (i.e. d = 1) • Assume n = [L]d and embed x in a d-dimensional cube. Associate each position j n with a d-tuple (j1,…,jd) [L]d . In particular the index i of the desired bit is associated with a d-tuple (j1,…,jd) [L]d

  18. A Multi-Server Scheme (Steps)

  19. Conclusion • Some feelings of research • Remember the study of algorithm • Research the topic slowly • Treasure the beauty of the papers • Research groups • Cryptography and Information Security Group: Private Information Retrieval (Research topic at MIT) • Private Information Retrieval Research at BGU • PIR Research (Dartmouth (old research)) • Amos Beimel

  20. Conclusion • Research Directions • Extension of PIR • Robust PIR • T-privacy • Relax some requirement • encryption is permitted for one server O(Nε), ε>0 • Make PIR pratical • H/w • Combination with Datebase • Application on EC

More Related