On the Computational Practicality of Private Information Retrieval
Radu Sion, Bogdan Carbunar
Presented by Sultan Moukli
Agenda
- Introduction
- Private information retrieval
- Building Blocks
- Fast modular arithmetic
- Quadratic Residuosity PIR
- cPIR
- Key size
- Final equation
- Result
- Other protocols
- Conclusion
Introduction
The normal case
The user sends a query to the database to get some information:
SELECT fieldList FROM objectType [WHERE conditionExpression]
User U and database DB communicate over a secure channel. The database holds X1, X2, X3, ..., Xn, and U needs the Xi info.
- U to DB: "Please give me i"
- DB to U: Xi
The database knows what U is looking for.
What is the problem?
The database server learns private information about the user.
The history of user U's queries:
- Clothes men size XXX
- Part for car model XXX
Solution
- Send entire DB
- PIR
  - Multi server
  - Single server
The objective of this paper
Investigate PIR computation times and compare them against the alternative of transferring the entire database to the client.
The experimental discussion covers:
- general lower bounds on server-side per-data-bit computation
- communication complexity
Private Information Retrieval (PIR) schemes allow a user to retrieve information from a database while maintaining the privacy of the queries from the database.
Private information retrieval (PIR) provides a cryptographic means for retrieving data from a database without the database or database administrator learning any information about which particular item was retrieved.
Private information retrieval
- Information-Theoretic PIR (k servers, k >= 2)
- Computational PIR (single server)
Building Blocks
- Hardware
  - CPU ALU (arithmetic and logic units)
  - Parallelism
  - MIPS (millions of instructions per second)
- Fast Modular Arithmetic Algorithms
- Quadratic Residuosity PIR
- Key Sizes
Fast Modular Arithmetic Algorithms
m is the number of digits in the operands
Quadratic Residuosity PIR
$x$ is a quadratic residue modulo $n$ if there exists $a \in Z_n^*$ such that $x = a^2 \bmod n$.
For example, $Z_{10}$:
$a$ =              1 2 3 4 5 6 7 8 9
$a^2 \bmod 10$ =   1 4 9 6 5 6 9 4 1
cPIR
The client:
• Chooses two prime numbers $p$ and $q$ of similar bit length, computes their product $N = p \cdot q$, and sends it to the server.
• Generates $\sqrt{n}$ numbers $s_1, s_2, \ldots, s_{\sqrt{n}}$ such that $s_x$ is a quadratic non-residue (QNR) and the rest are quadratic residues (QR) in $Z_N^*$.
• Sends $s_1, s_2, \ldots, s_{\sqrt{n}}$ to the server.
The server:
• For each "column" $j \in (1, \sqrt{n})$ in the $\sqrt{n} \times \sqrt{n}$ matrix $M$, sets $q_{ij} = s_i^2$ if $M(i, j) = 1$ and $q_{ij} = s_i$ if $M(i, j) = 0$.
• Computes the product $r_j = \prod_{0 < i < \sqrt{n}} q_{ij}$, then sends $r_1, \ldots, r_{\sqrt{n}}$ to the client.
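The exchange on the cPIR slide as a runnable sketch; this is an added example, not code from the paper or the presentation. The toy primes, the 4 × 4 matrix and every function name are constructed for illustration, and the sketch includes two details of the scheme that the slide does not spell out: the client's final residuosity check on r_y, and the choice of a QNR with Jacobi symbol +1.

```python
import random
from math import gcd
def legendre(a, p):
    """Euler's criterion: 1 if a is a QR mod the odd prime p, p-1 if it is not."""
    return pow(a, (p - 1) // 2, p)

def is_qr(a, p, q):
    """Only the client can run this test: it needs the factors of N = p*q."""
    return legendre(a, p) == 1 and legendre(a, q) == 1

def random_unit(N, rng):
    while True:
        a = rng.randrange(2, N)
        if gcd(a, N) == 1:
            return a

def client_query(p, q, side, x, rng):
    """s_1..s_side (0-indexed here): s_x is a QNR, every other s_i is a QR."""
    N, query = p * q, []
    for i in range(side):
        a = random_unit(N, rng)
        if i == x:
            # Not stated on the slide: the QNR is taken with Jacobi symbol +1
            # (non-residue mod p and mod q) so the symbol does not expose x.
            while not (legendre(a, p) == p - 1 and legendre(a, q) == q - 1):
                a = random_unit(N, rng)
            query.append(a)
        else:
            query.append(pow(a, 2, N))
    return query

def server_answer(M, N, query):
    """One r_j per column: at least one modular multiplication per database bit."""
    side, answer = len(M), []
    for j in range(side):
        r = 1
        for i in range(side):
            q_ij = pow(query[i], 2, N) if M[i][j] == 1 else query[i]
            r = (r * q_ij) % N
        answer.append(r)
    return answer

def retrieve(M, x, y, p, q, rng):
    """Full round trip for bit M(x, y): r_y is a QR exactly when the bit is 1."""
    answer = server_answer(M, p * q, client_query(p, q, len(M), x, rng))
    return 1 if is_qr(answer[y], p, q) else 0

P, Q = 1019, 1031  # toy primes (constructed); real moduli are far larger
M = [[1, 0, 1, 1], [0, 0, 1, 0], [1, 1, 0, 0], [0, 1, 0, 1]]  # constructed 16-bit DB
```

The inner loop of `server_answer` touches every bit of the database for every query, which is the per-bit server cost the paper compares against simply transmitting the bit.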
Key Size
The single-server computational PIR setting of choice relies on the quadratic residuosity assumption. The authors consider here the (equivalent) assumed hardness of factoring as a metric for achieved privacy, to establish the values of |N| for different points in time.
Final equation
- $t_t = 1/B$: the time required to transmit one bit between the server and the client
- $t_{qrv}(b)$: the time required to verify the quadratic residuosity of one $b$-bit number
Result 1995-2006
Result 2006
Result 2010-2035
- Moore's Law: impact on computing performance
- Nielsen's Law of network bandwidth
Other protocols
- Cachin proposed the Φ-Hiding Assumption to perform PIR with poly-logarithmic communication complexity. The authors note that the protocol requires the server to perform n exponentiations modulo m.
- Symmetric Private Information Retrieval
- Computation-Amortized PIR
Conclusion
The authors showed that single-server PIR protocols, running on modern high-end non-specialized hardware and networks, are mostly orders of magnitude slower than the trivial transfer of the entire database to the client.
They believe it is important to explore protocols for single-server PIR in the presence of server-side trusted hardware [15, 69]. This should allow the delegation of client logic in closer proximity to the data and might yield significant benefits.