Paper 2007/392

Efficient Computationally Private Information Retrieval From Anonymity or Trapdoor Groups

Jonathan Trostle and Andy Parrish

Abstract

A Private Information Retrieval (PIR) protocol allows a database user, or client, to obtain information from a database in a manner that prevents the database from knowing which data was retrieved. Although substantial progress has been made in the discovery of computationally PIR (cPIR) protocols with reduced communication complexity, there has been relatively little work in reducing the computational complexity of cPIR protocols. In particular, Sion \cite{sion} argues that existing cPIR protocols are slower than the trivial PIR protocol (in overall performance). In this paper, we present a new family of cPIR protocols with a variety of security and performance properties. Our protocols enable much lower CPU overhead for the database server. When the database is viewed as a bit sequence, only addition operations are performed by the database server. We can view our protocol as a middle ground between the trivial protocol (fastest possible computational complexity and slowest possible communication complexity) and protocols such as Gentry-Ramzan \cite{gentry} (fast communication complexity but slower computational complexity). This middle ground enjoys a much better overall performance. The security of the general version of our protocol depends on either a trapdoor group assumption or sender anonymity \cite{pfitzmann}, and we present two specialized versions, the first of which depends on the trapdoor group assumption, and the second which depends on the sender anonymity assumption. We may view both Gentry-Ramzan and our cPIR protocol as instances of a more general new construct: the \textit{trapdoor group}. In a trapdoor group, knowledge of the trapdoor allows efficient computation of an inversion problem, such as computing discrete logarithms. Without the trapdoor, it is computationally hard to solve the inversion problem. For our protocol, we assume, roughly speaking, that given only the elements $be_1, \ldots, be_t$ in the group $\Z_m$, where $e_i < m/t$ and t is small, it is hard to compute low order bits of the group order $m$. One version of our cPIR protocol depends only on sender anonymity, which to our knowledge, is the first cPIR protocol to depend only on an anonymity assumption. Our prototype implementation shows that our performance compares favorably with existing cPIR protocols.

Note: Technical revision.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Private Information Retrieval
Contact author(s)
jonathan trostle @ jhuapl edu
History
2009-06-30: revised
2007-10-14: received
See all versions
Short URL
https://ia.cr/2007/392
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/392,
      author = {Jonathan Trostle and Andy Parrish},
      title = {Efficient Computationally Private Information Retrieval From Anonymity or Trapdoor Groups},
      howpublished = {Cryptology ePrint Archive, Paper 2007/392},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/392}},
      url = {https://eprint.iacr.org/2007/392}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.