Computational Code-Based Single-Server Private Information Retrieval
Lukas Holzbaur, Camilla Hollanti, Antonia Wachter-Zeh
Technical University of Munich, Institute for Communications Engineering

Private Information Retrieval
• Goal: Retrieve file from database without revealing index to the server(s)
• Perfect privacy with a single server is only possible with the trivial “download-everything” solution [1]
• Different approaches:
  ◮ Multiple, non-colluding servers [2]
  ◮ Private side-information [3]
  ◮ Computational privacy [4]

[1] Chor, Benny, et al. "Private information retrieval." Proceedings of IEEE 36th Annual Foundations of Computer Science. IEEE, 1995.
[2] Sun, Hua, and Syed Ali Jafar. "The capacity of private information retrieval." IEEE Transactions on Information Theory 63.7 (2017): 4075-4088.
[3] Kadhe, Swanand, et al. "Private information retrieval with side information." IEEE Transactions on Information Theory (2019).
[4] Kushilevitz, Eyal, and Rafail Ostrovsky. "Replication is not needed: Single database, computationally-private information retrieval." Proceedings 38th Annual Symposium on Foundations of Computer Science. IEEE, 1997.

System Setup
• System storing $m$ files: $X = [X_1 \; X_2 \; X_3 \; \cdots \; X_m]$ (figure labels: each file block has $L$ rows and $(s-v)(n-k)$ columns)
• User wants file $X_i$ and wants to keep the index $i$ private

Query Generation
User chooses:
• A random $[n, k]_{q^s}$ code $\mathcal{C}$
• Matrix $D \in \mathbb{F}_{q^s}^{m\delta \times n}$ where each row $D_{l,:}$ is chosen uniformly at random from $\mathcal{C}$
• Random information set $I \subset [n]$ of $\mathcal{C}$
• A random basis $\Gamma = \{\gamma_1, \gamma_2, \ldots, \gamma_s\}$ of $\mathbb{F}_{q^s}$ over $\mathbb{F}_q$ → Let $V = \langle \{\gamma_1, \ldots, \gamma_v\} \rangle_q$
• A matrix $\hat{E} \in V^{m\delta \times (n-k)}$ i.i.d. at random
• Full-rank matrix $\hat{\Delta} \in (\mathbb{F}_{q^s}/V)^{(s-v)(n-k) \times (n-k)}$
Query (figure: a matrix with $m(s-v)(n-k)$ rows and $n$ columns):
$$Q_i = D + E + \Delta \otimes e_i^m$$

Server Reply
Figure: the query $Q_i = D + E + \Delta \otimes e_i^m$ (with $m(s-v)(n-k)$ rows and $n$ columns) and the data $X = [X_1 \; X_2 \; X_3 \; \cdots \; X_m]$ (with $L$ rows).
Server replies with:
$$A_i = X \cdot Q_i \in \mathbb{F}_{q^s}^{L \times n}$$
For simplicity, let $L = 1$.

Decoding
User receives:
$$A_i = X \cdot Q_i = \sum_{l=1}^{m} X_l \cdot \left( D_{(l-1)\delta+1:l\delta,:} + E_{(l-1)\delta+1:l\delta,:} \right) + X_i \cdot \Delta$$
$$= \underbrace{\sum_{l=1}^{m} X_l \cdot D_{(l-1)\delta+1:l\delta,:}}_{\in \mathcal{C}} + \underbrace{\sum_{l=1}^{m} X_l \cdot E_{(l-1)\delta+1:l\delta,:} + X_i \cdot \Delta}_{\text{zero in positions } I}$$
The set $I$ is an information set, so the user can retrieve
$$\sum_{l=1}^{m} X_l \cdot E_{(l-1)\delta+1:l\delta,:} + X_i \cdot \Delta$$

Decoding
$$\sum_{l=1}^{m} X_l \cdot E_{(l-1)\delta+1:l\delta,:} + X_i \cdot \Delta$$
• Entries of data matrix $X$: $\mathbb{F}_q$
• Entries of matrix $E$: $V$
• Entries of matrix $\Delta$: $\mathbb{F}_{q^s}/V$
⇒ Intersection with $\mathbb{F}_{q^s}/V$ gives $X_i \cdot \Delta$
⇒ $\Delta$ is full-rank by definition
⇒ User obtains $X_i$

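Added example (not from the slides and not the authors' code): a toy run of the query generation, server reply and decoding steps above, with constructed parameters q = 2, s = 4, v = 2, [n, k] = [4, 2], m = 3, L = 1. Assumptions: Γ is a random permutation of the polynomial basis of F_16 so that removing the V-part is a bit selection, the random code is given by a generator matrix that is systematic on I, Δ̂ is the identity after expansion over F_2, and all function names are hypothetical.

```python
import random

S, V_DIM, N, K, M = 4, 2, 4, 2, 3   # constructed toy values: F_16, v=2, [4,2] code, 3 files, L=1
W, DELTA = S - V_DIM, (S - V_DIM) * (N - K)   # dim of F_{q^s}/V over F_q; F_2 symbols per file

def gf_mul(a, b):   # product in F_16 = F_2[x]/(x^4 + x + 1)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0b10011 if a & 8 else 0), b >> 1
    return r

def encode(u, info, rest, P):   # codeword of C: u on positions `info`, u*P on positions `rest`
    word = [0] * N
    for t, c in enumerate(info):
        word[c] = u[t]
        for j, o in enumerate(rest):
            word[o] ^= gf_mul(u[t], P[t][j])
    return word

def make_query(i, rng):
    info = sorted(rng.sample(range(N), K))                  # random information set I
    rest = [c for c in range(N) if c not in info]
    P = [[rng.randrange(16) for _ in rest] for _ in info]   # random code C, systematic on I
    bits = rng.sample(range(S), S)                          # basis Gamma: permuted 1, x, x^2, x^3
    vmask, wbits = sum(1 << b for b in bits[:V_DIM]), bits[V_DIM:]  # V and a complement of V
    Q = []
    for r in range(M * DELTA):
        row = encode([rng.randrange(16) for _ in info], info, rest, P)   # row of D
        for j, c in enumerate(rest):
            hit = r // DELTA == i and (r % DELTA) // W == j  # Delta-hat is nonzero only in block i
            row[c] ^= (rng.randrange(16) & vmask) ^ (hit << wbits[r % W])  # E-hat + Delta-hat
        Q.append(row)
    return Q, (info, rest, P, wbits)

def server_reply(X, Q):   # A = X*Q; X is over F_2, so XOR the selected rows
    A = [0] * N
    for row in (r for x, r in zip(X, Q) if x):
        A = [a ^ b for a, b in zip(A, row)]
    return A

def decode(A, secret):
    info, rest, P, wbits = secret
    c = encode([A[p] for p in info], info, rest, P)   # codeword part is fixed by positions I
    return [(A[p] ^ c[p]) >> b & 1 for p in rest for b in wbits]   # drop V-part, read X_i

def retrieve(X, i, seed=0):   # full round trip for file index i (0-based)
    Q, secret = make_query(i, random.Random(seed))
    return decode(server_reply(X, Q), secret)
```

`retrieve(X, i)` takes the database as a flat list of m·δ bits and returns the δ bits of file i; the server only ever sees `Q`.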
Performance
Theorem: PIR rate
The rate of the scheme is
$$R_{\mathrm{PIR}} = \frac{\left( 1 - \frac{k + \frac{v}{s}(n-k)}{n} \right) L}{m\delta + L}.$$
For large files, i.e., $L \to \infty$, the rate becomes
$$R_{\mathrm{PIR}} = 1 - \frac{k + \frac{v}{s}(n-k)}{n}.$$

Attacks
Problem: Error Subspace Search Problem
Given a set of words in $\mathbb{F}_{q^s}^n$ which are each the sum of a codeword of a random code $\mathcal{C}$ and an error vector. Find a $v$-dimensional subspace that contains the largest possible number of these error vectors.
• Consider the query as the basis of a code
$$\langle Q_i^T \rangle = \left\langle \left( D \cdot A,\ \hat{E} + \hat{\Delta} \otimes e_i^m \right)^T \right\rangle$$
• The elements of $\hat{E}$ are from the space $V$
• Puncturing the positions corresponding to $i$ gives a large subspace subcode for $V$
⇒ Make it difficult to guess the subspace $V$

Attacks
Problem: Quotient Error Search Problem
Given a set of words in $\mathbb{F}_{q^s}^n$ which are each the sum of a codeword of a random code $\mathcal{C}$ and an error vector from a subspace $\mathbb{F}_{q^v}^n$, except for one, to which an additional error vector from the quotient space $\mathbb{F}_{q^s}^n / \mathbb{F}_{q^v}^n$ is added. Find the word with the additional error vector from the quotient space.