XPIR : Private Information Retrieval for Everyone



A Private Information Retrieval (PIR) scheme is a protocol in which a user retrieves a record from a database while hiding from the database administrators which record was retrieved. PIR can be achieved using mutually distrustful replicated databases, trusted hardware, or cryptography. In this paper we focus on the latter setting, known as single-database computationally-Private Information Retrieval (cPIR). Classic cPIR protocols require the database server to run an algorithm over the entire database content, and the throughput of that computation is so low that it impairs their usage. In [1], under assumptions that were realistic at the time, Sion and Carbunar showed that cPIR schemes were not practical and most likely never would be. To this day, this conclusion is widely accepted by researchers and practitioners. Using the paradigm shift introduced by lattice-based cryptography, we show that the conclusion of Sion and Carbunar is no longer valid: cPIR is of practical value. This is achieved without compromising security, using standard cryptosystems and conservative parameter choices.
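To make concrete what "the server runs an algorithm over the entire database content" means for a single-database cPIR scheme, here is an added worked example of the classic construction built on an additively homomorphic cryptosystem (Paillier [40], in the style of Kushilevitz-Ostrovsky [27]). It is not XPIR's code and not the lattice-based scheme the paper describes; XPIR replaces this kind of number-theoretic cryptosystem with Ring-LWE encryption. The toy primes, the record values and all function names are assumptions chosen for illustration, and the key size is far too small for any real use.

```python
"""Toy single-database cPIR over Paillier (added illustration, not XPIR code).

Protocol:
  client  -> server : E(b_0), ..., E(b_{N-1}) with b_i = 1 iff i is the wanted index
  server  -> client : prod_i E(b_i)^{d_i} mod n^2  (= E(sum_i b_i * d_i) = E(d_wanted))
  client            : decrypts the single ciphertext to recover d_wanted
The server never learns the index: every query element is a fresh encryption of 0 or 1,
and it must touch every record, which is exactly the cost the paper's abstract discusses.
"""
import math
import secrets
from typing import List

# Assumption: tiny primes for illustration only; real Paillier needs ~1024-bit primes each.
P, Q = 10007, 10009
N = P * Q          # plaintext modulus; records must be integers in [0, N)
N2 = N * N         # ciphertext modulus
G = N + 1          # standard generator choice
LAM = math.lcm(P - 1, Q - 1)


def _L(u: int) -> int:
    """Paillier's L function: L(u) = (u - 1) / n."""
    return (u - 1) // N


MU = pow(_L(pow(G, LAM, N2)), -1, N)   # decryption constant mu = L(g^lambda)^-1 mod n


def encrypt(m: int) -> int:
    """Paillier encryption with a fresh random r in Z_n^*."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(N)
        if r > 1 and math.gcd(r, N) == 1:
            break
    return (pow(G, m, N2) * pow(r, N, N2)) % N2


def decrypt(c: int) -> int:
    """Paillier decryption: L(c^lambda mod n^2) * mu mod n."""
    return (_L(pow(c, LAM, N2)) * MU) % N


def client_query(n_records: int, wanted: int) -> List[int]:
    """Client side: an encrypted selection vector (one ciphertext per record)."""
    if not 0 <= wanted < n_records:
        raise ValueError("index out of range")
    return [encrypt(1 if i == wanted else 0) for i in range(n_records)]


def server_answer(query: List[int], db: List[int]) -> int:
    """Server side: homomorphic inner product of the query with ALL records.

    Multiplying ciphertexts adds plaintexts, exponentiating by d_i scales by d_i,
    so the product equals E(sum_i b_i * d_i) = E(d_wanted). The loop over every
    record (one modular exponentiation each) is unavoidable: skipping a record
    would reveal that it was not the one requested.
    """
    if len(query) != len(db):
        raise ValueError("query length must equal database size")
    acc = 1
    for c, record in zip(query, db):
        acc = (acc * pow(c, record, N2)) % N2
    return acc


def retrieve(db: List[int], wanted: int) -> int:
    """Full exchange: client query, server answer, client decryption."""
    query = client_query(len(db), wanted)
    answer = server_answer(query, db)
    return decrypt(answer)


# Constructed sample database: four 3-byte records (all < N).
DATABASE = [0x112233, 0x445566, 0x778899, 0xAABBCC]

if __name__ == "__main__":
    for idx in range(len(DATABASE)):
        assert retrieve(DATABASE, idx) == DATABASE[idx]
    print("cPIR toy protocol: every record retrieved correctly without revealing its index")
```

Two things stand out when running this against a larger database: the query grows linearly with the number of records (one ciphertext each, which the recursive variants in [27] and [36] reduce), and the server cost is one modular exponentiation modulo n^2 per record, which is the slow, whole-database computation that Sion and Carbunar measured in [1]. The paper's contribution is to keep the same O(N) structure but make each per-record operation a cheap lattice operation instead of a big-integer exponentiation.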

[1] R. Sion and B. Carbunar, “On the Computational Practicality of Private Information Retrieval,” in 14th ISOC Network and Distributed Systems Security Symposium (NDSS’07), San Diego, CA, USA, 2007.

[2] B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, “Private Information Retrieval,” in 46th IEEE Symposium on Foundations of Computer Science (FOCS’95), Pittsburgh, PA, USA, pp. 41-50, IEEE Computer Society Press, 1995.

[3] W. Gasarch, “A Survey on Private Information Retrieval,” Bulletin of the European Association for Theoretical Computer Science, vol. 82, pp. 72-107, Feb. 2004. Columns: Computational Complexity.

[4] A. Kiayias and M. Yung, “Secure Games with Polynomial Expressions,” in ICALP: Annual International Colloquium on Automata, Languages and Programming, 2001.

[5] C. Aguilar Melchor and P. Gaborit, “A Fast Private Information Retrieval Protocol,” in The 2008 IEEE International Symposium on Information Theory (ISIT’08), Toronto, Ontario, Canada, pp. 1848-1852, IEEE Computer Society Press, 2008.

[6] J. T. Trostle and A. Parrish, “Efficient computationally private information retrieval from anonymity or trapdoor groups,” in ISC (M. Burmester, G. Tsudik, S. S. Magliveras, and I. Ilic, eds.), vol. 6531 of Lecture Notes in Computer Science, pp. 114-128, Springer, 2010.

[7] J. P. Stern, “A New Efficient All-Or-Nothing Disclosure of Secrets Protocol.,” in 13th Annual International Conference on the Theory and Application of Cryptology & Information Security (ASIACRYPT’98), Beijing, China, vol. 1514 of Lecture Notes in Computer Science, pp. 357-371, Springer, 1998.

[8] H. Lipmaa, “First cpir protocol with data-dependent computation,” in Proceedings of the 12th International Conference on Information Security and Cryptology, ICISC’09, (Berlin, Heidelberg), pp. 193-210, Springer-Verlag, 2010.

[9] R. Ostrovsky and W. E. Skeith III, “Private Searching on Streaming Data,” in Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, vol. 3621 of Lecture Notes in Computer Science, pp. 223-240, Springer, 2005.

[10] D. Bleichenbacher, A. Kiayias, and M. Yung, “Decoding of Interleaved Reed Solomon Codes over Noisy Data,” in Automata, Languages and Programming, 30th International Colloquium, ICALP 2003, Eindhoven, The Netherlands, June 30 - July 4, 2003. Proceedings (J. C. M. Baeten, J. K. Lenstra, J. Parrow, and G. J. Woeginger, eds.), vol. 2719 of Lecture Notes in Computer Science, pp. 97-108, Springer, 2003.

[11] D. Coppersmith and M. Sudan, “Reconstructing curves in three (and higher) dimensional space from noisy data,” in Proceedings of the 35th Annual ACM Symposium on Theory of Computing, STOC’2003 (San Diego, California, USA, June 9-11, 2003), (New York), pp. 136-142, ACM Press, 2003.

[12] S. Arora and R. Ge, “New algorithms for learning in presence of errors,” in Automata, Languages and Programming, 38th International Colloquium, ICALP 2011, Zurich, Switzerland, July 4-8, 2011. Proceedings, vol. 6755 of Lecture Notes in Computer Science, pp. 403-415, Springer, 2011.

[13] J. Bi, M. Liu, and X. Wang, “Cryptanalysis of a homomorphic encryption scheme from ISIT 2008,” in Information Theory Proceedings (ISIT), 2012 IEEE International Symposium on, pp. 2152-2156, 2012.

[14] T. Lepoint and M. Tibouchi, “Cryptanalysis of a (somewhat) additively homomorphic encryption scheme used in PIR,” in WAHC’15 - 3rd Workshop on Encrypted Computing and Applied Homomorphic Cryptography, 2015.

[15] C. Aguilar Melchor, B. Crespin, P. Gaborit, V. Jolivet, and P. Rousseau, “High-speed Private Information Retrieval Computation on GPU,” in Second International Conference on Emerging Security Information, Systems and Technologies (SECURWARE’08), Cap Esterel, France, pp. 263-272, IEEE Computer Society Press, 2008.

[16] P. Mittal, F. G. Olumofin, C. Troncoso, N. Borisov, and I. Goldberg, “PIR-Tor: Scalable anonymous communication using private information retrieval,” in USENIX Security Symposium, 2011.

[17] R. Henry, Y. Huang, and I. Goldberg, “One (block) size fits all: PIR and SPIR with variable-length records via multi-block queries,” Proceedings of NDSS, 2013.

[18] T. Mayberry, E.-O. Blass, and A. H. Chan, “Efficient private file retrieval by combining ORAM and PIR,” in Proceedings of Annual Network & Distributed System Security Symposium, pp. 1-11, Citeseer, 2014.

[19] E.-O. Blass, R. Di Pietro, R. Molva, and M. Önen, “PRISM - privacy-preserving search in MapReduce,” in Privacy Enhancing Technologies (S. Fischer-Hübner and M. Wright, eds.), vol. 7384 of Lecture Notes in Computer Science, pp. 180-200, Springer Berlin Heidelberg, 2012.

[20] F. Olumofin, P. Tysowski, I. Goldberg, and U. Hengartner, “Achieving efficient query privacy for location based services,” in Privacy Enhancing Technologies (M. Atallah and N. Hopper, eds.), vol. 6205 of Lecture Notes in Computer Science, pp. 93-110, Springer Berlin Heidelberg, 2010.

[21] F. Olumofin and I. Goldberg, “Privacy-preserving queries over relational databases,” in Privacy Enhancing Technologies (M. Atallah and N. Hopper, eds.), vol. 6205 of Lecture Notes in Computer Science, pp. 75-92, Springer Berlin Heidelberg, 2010.

[22] C. Devet and I. Goldberg, “The best of both worlds: Combining information-theoretic and computational PIR for communication efficiency,” in Privacy Enhancing Technologies, pp. 63-82, Springer, 2014.

[23] V. Lyubashevsky, C. Peikert, and O. Regev, “On ideal lattices and learning with errors over rings,” in EUROCRYPT’ 2010, vol. 6110 of Lecture Notes in Computer Science, pp. 1-23, Springer, 2010.

[24] W. Gasarch and A. Yerukhimovich, “Computational inexpensive PIR,” 2006. Draft available online at http://www.cs.umd.edu/~arkady/pir/pirComp.pdf.

[25] O. Regev, “New lattice based cryptographic constructions,” Journal of the ACM, vol. 51, no. 6, pp. 899-942, 2004.

[26] S. W. Smith and D. Safford, “Practical server privacy with secure coprocessors,” IBM Systems Journal, vol. 40, no. 3, pp. 683-695, 2001.

[27] E. Kushilevitz and R. Ostrovsky, “Replication is not needed: Single database, computationally-private information retrieval (extended abstract),” in FOCS: IEEE Symposium on Foundations of Computer Science (FOCS), pp. 364-373, 1997.

[28] F. Olumofin and I. Goldberg, “Revisiting the computational practicality of private information retrieval,” in Financial Cryptography and Data Security (G. Danezis, ed.), vol. 7035 of Lecture Notes in Computer Science, pp. 158-172, Springer Berlin Heidelberg, 2012.

[29] G. Brassard, C. Crépeau, and J.-M. Robert, “All-or-Nothing Disclosure of Secrets,” in CRYPTO (A. M. Odlyzko, ed.), vol. 263 of Lecture Notes in Computer Science, pp. 234-238, Springer, 1986.

[30] Z. Brakerski and V. Vaikuntanathan, “Fully homomorphic encryption from Ring-LWE and security for key dependent messages,” in Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, vol. 6841 of Lecture Notes in Computer Science, p. 501, Springer, 2011.

[31] Y. Doröz, B. Sunar, and G. Hammouri, “Bandwidth efficient PIR from NTRU,” in 2nd Workshop on Applied Homomorphic Cryptography and Encrypted Computing - WAHC’14, pp. 195-207, Springer, 2014.

[32] A. Kiayias, N. Leonardos, H. Lipmaa, K. Pavlyk, and Q. Tang, “Optimal rate private information retrieval from homomorphic encryption,” PoPETs, vol. 2015, no. 2, pp. 222-243, 2015.

[33] D. Pointcheval, “Le chiffrement asymétrique et la sécurité prouvée,” Habilitation à diriger des recherches, Université Paris VII, 2002.

[34] S. Goldwasser and S. Micali, “Probabilistic encryption,” Journal of Computer and System Sciences, vol. 28, no. 2, pp. 270-299, 1984.

[35] R. Lindner and C. Peikert, “Better key sizes (and attacks) for LWE-based encryption,” in CT-RSA (A. Kiayias, ed.), vol. 6558 of Lecture Notes in Computer Science, pp. 319-339, Springer, 2011.

[36] H. Lipmaa, “An oblivious transfer protocol with log-squared communication,” in 8th Information Security Conference (ISC’05), Singapore, vol. 3650 of Lecture Notes in Computer Science, pp. 314-328, Springer, 2005.

[37] M. J. Freedman, Y. Ishai, B. Pinkas, and O. Reingold, “Keyword Search and Oblivious Pseudorandom Functions,” vol. 3378 of Lecture Notes in Computer Science, pp. 303-324, Springer, 2005.

[38] R. Ostrovsky and W. E. Skeith III, “Private searching on streaming data,” J. Cryptology, vol. 20, no. 4, pp. 397-430, 2007.

[39] M. Finiasz and K. Ramchandran, “Private Stream Search at the same communication cost as a regular search: Role of LDPC codes,” in Information Theory Proceedings (ISIT), 2012 IEEE International Symposium on, pp. 2556-2560, 2012.

[40] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in 18th Annual Eurocrypt Conference (EUROCRYPT’99), Prague, Czech Republic, vol. 1592 of Lecture Notes in Computer Science, pp. 223-238, Springer, 1999.

[41] N. Göttert, T. Feller, M. Schneider, J. Buchmann, and S. Huss, “On the design of hardware building blocks for modern lattice-based encryption schemes,” in Cryptographic Hardware and Embedded Systems - CHES 2012 (E. Prouff and P. Schaumont, eds.), vol. 7428 of Lecture Notes in Computer Science, pp. 512-529, Springer Berlin Heidelberg, 2012.

[42] S. Halevi and V. Shoup, “Design and implementation of a homomorphic-encryption library,” 2013.

[43] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(Leveled) fully homomorphic encryption without bootstrapping,” in Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, ITCS ’12, (New York, NY, USA), pp. 309-325, ACM, 2012.

[44] D. Harvey, “Faster arithmetic for number-theoretic transforms,” J. Symb. Comput., vol. 60, pp. 113-119, 2014.

[45] T. Güneysu, T. Oder, T. Pöppelmann, and P. Schwabe, “Software speed records for lattice-based signatures,” in Post-Quantum Cryptography (P. Gaborit, ed.), vol. 7932 of Lecture Notes in Computer Science, pp. 67-82, Springer-Verlag Berlin Heidelberg, 2013. Document ID: d67aa537a6de60813845a45505c313, http://cryptojedi.org/papers/#lattisigns.

[46] ISO/IEC, “High efficiency coding and media delivery in heterogeneous environments - part 2: High efficiency video coding,” Tech. Rep. ISO/IEC 23008-2:2013, International Standards Organization Publication, 2013.

[47] J. Ohm, G. Sullivan, H. Schwarz, T. K. Tan, and T. Wiegand, “Comparison of the coding efficiency of video coding standards - including High Efficiency Video Coding (HEVC),” Circuits and Systems for Video Technology, IEEE Transactions on, vol. 22, pp. 1669-1684, Dec 2012.

[48] T. Gupta, N. Crooks, S. Setty, L. Alvisi, and M. Walfish, “Scalable and private media consumption with Popcorn,” Cryptology ePrint Archive, Report 2015/489, 2015. http://eprint.iacr.org/.

[49] R. Sinha, C. Papadopoulos, and J. Heidemann, “Internet packet size distributions: Some observations,” Tech. Rep. ISI-TR-2007-643, USC/Information Sciences Institute, May 2007. Originally released October 2005 as web page http://netweb.usc.edu/~rsinha/pkt-sizes/.
