
Issue No.05 - May (2013 vol.25)

pp: 1125-1134

Xun Yi , Victoria University, Melbourne

Mohammed Golam Kaosar , Victoria University, Melbourne

Russell Paulet , Victoria University, Melbourne

Elisa Bertino , Purdue University, West Lafayette

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2012.90

ABSTRACT

Private Information Retrieval (PIR) allows a user to retrieve the $i$th bit of an $n$-bit database without revealing to the database server the value of $i$. In this paper, we present a PIR protocol with communication complexity $O(\gamma \log n)$ bits, where $\gamma$ is the ciphertext size. Furthermore, we extend the PIR protocol to a private block retrieval (PBR) protocol, a natural and more practical extension of PIR in which the user retrieves a block of bits instead of a single bit. Our protocols are built on state-of-the-art fully homomorphic encryption (FHE) techniques and provide privacy for the user if the underlying FHE scheme is semantically secure. The total communication complexity of our PBR protocol is $O(\gamma \log m + \gamma n/m)$ bits, where $m$ is the number of blocks. The total computation complexity of our PBR protocol is $O(m \log m)$ modular multiplications plus $O(n/2)$ modular additions. In terms of total protocol execution time, our PBR protocol is more efficient than existing PBR protocols, which usually require $O(n/2)$ modular multiplications, when the block size is large and a high-speed network is available.
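To make the complexity figures in the abstract concrete, the following Python sketch is an added illustration and is not code from the paper. It shows the generic shape of a PIR/PBR query over a bit-homomorphic scheme: the client encrypts the $\log m$ bits of the wanted block index, the server computes for every block $j$ an encrypted equality test "$j = $ index" as a product of $\log m$ ciphertexts (the $m \log m$ multiplications), and then adds the selector of each block into each output bit position where that block has a 1 (about $n/2$ additions), returning $n/m$ ciphertexts. The homomorphic scheme used here is a toy symmetric somewhat-homomorphic scheme over the integers in the style of van Dijk, Gentry, Halevi and Vaikuntanathan, with deliberately tiny parameters that are not secure; the paper's actual FHE instantiation, parameters and optimisations are assumptions not reproduced here, and the sample database is constructed.

```python
import random

# Added illustration: a toy symmetric somewhat-homomorphic scheme over the
# integers (DGHV-style).  Ciphertext of bit m is c = p*q + 2*r + m, and
# decryption is (c mod p, centred) mod 2.  Integer + and * on ciphertexts give
# XOR and AND on plaintext bits.  The parameters are tiny and NOT secure; they
# only leave enough noise headroom for the multiplicative depth used below.
P_BITS, Q_BITS, R_BITS = 64, 40, 4


def keygen(rng):
    """Secret key: a random odd integer p of P_BITS bits."""
    return rng.getrandbits(P_BITS) | (1 << (P_BITS - 1)) | 1


def encrypt(p, bit, rng):
    q = rng.getrandbits(Q_BITS)
    r = rng.getrandbits(R_BITS) - (1 << (R_BITS - 1))  # small signed noise
    return p * q + 2 * r + bit


def decrypt(p, c):
    z = c % p
    if z > p // 2:          # centre the residue so negative noise survives
        z -= p
    return z % 2


def bits_of(x, width):
    return [(x >> k) & 1 for k in range(width)]


def pir_query(p, index, width, rng):
    """Client: one ciphertext per bit of the wanted index (log2 m of them)."""
    return [encrypt(p, b, rng) for b in bits_of(index, width)]


def pbr_answer(query, blocks):
    """Server: blocks is a list of m equal-length bit lists.  Returns one
    ciphertext per bit position of a block, so the reply is n/m ciphertexts."""
    m, width = len(blocks), len(query)
    assert (1 << width) >= m
    # selectors[j] encrypts 1 iff j == index: AND over k of (q_k XOR j_k XOR 1).
    # Each is a product of `width` ciphertexts: the m*log m multiplications.
    selectors = []
    for j in range(m):
        sel = 1
        for k, jk in enumerate(bits_of(j, width)):
            sel *= query[k] + jk + 1   # adding a plaintext constant is plain +
        selectors.append(sel)
    answer = []
    for t in range(len(blocks[0])):
        acc = 0
        for j in range(m):
            if blocks[j][t]:           # multiplying by a known bit is "add or
                acc += selectors[j]    # skip": about n/2 additions in total
        answer.append(acc)
    return answer


def retrieve_block(database_bits, block_len, index, seed=1):
    """Full PBR round trip.  Returns (block, query, answer) so the caller can
    see the communication: len(query) == log2(m), len(answer) == n/m."""
    assert len(database_bits) % block_len == 0
    rng = random.Random(seed)
    p = keygen(rng)
    blocks = [database_bits[i:i + block_len]
              for i in range(0, len(database_bits), block_len)]
    m = len(blocks)
    assert 0 <= index < m
    width = max(1, (m - 1).bit_length())
    query = pir_query(p, index, width, rng)
    answer = pbr_answer(query, blocks)
    return [decrypt(p, c) for c in answer], query, answer


def pir_retrieve_bit(database_bits, index, seed=1):
    """Single-bit PIR is PBR with block length 1 (m == n, log2 n query bits)."""
    return retrieve_block(database_bits, 1, index, seed)[0][0]


# Constructed sample database: 64 bits, i.e. 16 blocks of 4 bits.
SAMPLE_DB = [int(ch) for ch in "1011000111010011" * 4]

if __name__ == "__main__":
    block, query, answer = retrieve_block(SAMPLE_DB, 4, 5)
    print("block 5:", block, "query cts:", len(query), "answer cts:", len(answer))
    print("bit 17:", pir_retrieve_bit(SAMPLE_DB, 17))
```

Two points worth checking when adapting this: the server never sees the index, only `len(query)` ciphertexts whose plaintexts it cannot distinguish if the scheme is semantically secure, which is exactly the privacy condition the abstract states; and the selector products have multiplicative depth $\log_2 m$, so in a somewhat-homomorphic scheme the noise term grows as roughly $(2r)^{\log m}$ and $p$ must be chosen large enough for it (a real deployment would use a proper FHE instantiation with secure parameters and bootstrapping or modulus switching rather than these toy constants).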

INDEX TERMS

Protocols, Encryption, Servers, Complexity theory, Indexes, fully homomorphic encryption, Private information retrieval, private block retrieval

CITATION

Xun Yi, Mohammed Golam Kaosar, Russell Paulet, Elisa Bertino, "Single-Database Private Information Retrieval from Fully Homomorphic Encryption," *IEEE Transactions on Knowledge & Data Engineering*, vol. 25, no. 5, pp. 1125-1134, May 2013, doi:10.1109/TKDE.2012.90
