Multimedia Network Security Laboratory
Private Information Retrieval
Date: 2010.8.11
Reporter: Chien-Wen Huang
Source: Journal of the ACM, Vol. 45, No. 6, November 1998, pp. 965–982.
Outline
1. Motivation, Introduction
2. Model, Definition & Discussion
3. Single Bit PIR Schemes
4. A Basic Two-Server Scheme
5. Conclusions
Motivation
Where did the need for PIR come from?
- Patent databases
  • If the patent server knows which patent the user is interested in, this could cause a lot of problems.
- Pharmaceutical databases
  • To hide the plans of the company, drug designers buy the entire pharmaceutical database.
Introduction (1)
Consider a user who makes a query to a database.
- A lot of research was devoted to methods that protect the database against a curious user.
- There were no methods to protect the user's privacy (before 1995).
If the user wants to keep their privacy:
- The only thing they can do is ask for a copy of the whole database.
It is unacceptable!!
Non-Private Protocol (traditional)
Server holds: $x = x_1, x_2, \ldots, x_n$
User → Server, Query: $i$
Server → User, Answer: $x_i$
NO privacy!!
Communication: $\log n$
Introduction (2)
- Servers ($k \ge 2$): hold an n-bit string $x = x_1, x_2, \ldots, x_n$ (n is very large)
- User: wishes
  • To retrieve $x_i$
  • To keep $i$ private
Introduction (3)
- Two-server scheme with communication complexity $O(n^{1/3})$
- Scheme of k servers with communication complexity $O(n^{1/k}) \rightarrow O(n^{1/(2k-1)})$
- A scheme for $\frac{1}{3}\log_2 n + 1$ servers with total communication complexity $\frac{1}{3}(1+o(1)) \cdot \log_2^2 n \cdot \log_2\log_2(2n)$
(see Private Information Retrieval, 36th IEEE FOCS, pp. 41–50, 1995)
Model, Definition & Discussion
Definition: k-server PIR
- k query functions $Q_1,\ldots,Q_k : [n] \times \{0,1\}^{l_{rnd}} \rightarrow \{0,1\}^{l_q}$
- k answer functions $A_1,\ldots,A_k : \{0,1\}^n \times \{0,1\}^{l_q} \rightarrow \{0,1\}^{l_a}$
- a reconstruction function $R : [n] \times \{0,1\}^{l_{rnd}} \times (\{0,1\}^{l_a})^k \rightarrow \{0,1\}$
These functions satisfy Correctness & Privacy.
Correctness: For every $x \in \{0,1\}^n$, $i \in [n]$, $r \in \{0,1\}^{l_{rnd}}$:
$R(i, r, A_1(x, Q_1(i,r)), \ldots, A_k(x, Q_k(i,r))) = x_i$
Privacy: For every $i, j \in [n]$, $s \in [k]$, $q \in \{0,1\}^{l_q}$:
- $\Pr(Q_s(i,r) = q) = \Pr(Q_s(j,r) = q)$
- the probabilities are taken over uniformly chosen $r \in \{0,1\}^{l_{rnd}}$
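Single Server PIR
User: wants $x_i$, $i \in \{1,\ldots,m\}$
Server holds: $x = x_1, x_2, \ldots, x_m \in \{0,1\}^n$
User → Server: $\{1, 2, \ldots, i, \ldots, m\}$
Server → User: $\{x_1, \ldots, x_i, \ldots, x_m\}$
The server cannot guess $i$!!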
Single Bit PIR Schemes
Notation: the following notation is used throughout the paper.
- U: a (generic) user
- SRV1,…,SRVk: the servers
- $x = x_1,\ldots,x_n$: a string in $\{0,1\}^n$, known to each server
- $i$: the index in x in which the user is interested
- $[m] \equiv \{1,2,3,\ldots,m\}$
- For a set S and an element a, let
  $S \oplus a \equiv S \cup \{a\}$ if $a \notin S$
  $S \oplus a \equiv S \setminus \{a\}$ if $a \in S$
A BASIC TWO-SERVER SCHEME
The steps of the scheme are as follows:
1. The user uniformly selects a random set $S \subseteq [n]$.
2. The user then sends $S$ to SRV1 and $S \oplus i$ to SRV2.
3. Each server replies with a single bit, which is the exclusive OR of the bits whose indices are in the set it received (SRV1 replies with $\bigoplus_{j \in S} x_j$, SRV2 replies with $\bigoplus_{j \in S \oplus i} x_j$).
4. The user XORs all the answers.
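A Basic Two-Server Scheme (Example)
- The user randomly chooses $S = \{5,15,47\}$ ($n = 100$, index $i = 15$, $S \oplus i = \{5,47\}$)
(1) User → SRV1: $S = \{5,15,47\}$
(2) User → SRV2: $S \oplus i = \{5,47\}$
(3) SRV1 → User: $x_5 \oplus x_{15} \oplus x_{47}$
(4) SRV2 → User: $x_5 \oplus x_{47}$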
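The user computes the desired bit $x_i$:
$(\text{SRV1}) \oplus (\text{SRV2})$
$= (x_5 \oplus x_{15} \oplus x_{47}) \oplus (x_5 \oplus x_{47})$
$= (x_5 \oplus x_5) \oplus (x_{47} \oplus x_{47}) \oplus x_{15}$
$= 0 \oplus 0 \oplus x_{15}$
$= x_{15}$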
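The basic two-server scheme and the slide example (n = 100, i = 15, S = {5,15,47}) as runnable Python. This is an added example, not code from the slides or the paper; the function names and the sample database X are assumptions constructed for illustration. It also enumerates every possible S for a small n to show that what SRV2 receives has the same distribution for any index i.

```python
import random
import secrets

# Constructed sample database: 100 bits, replicated on both servers.
_rng = random.Random(2010)
X = [_rng.getrandbits(1) for _ in range(100)]

def user_queries(n, i):
    """Steps 1-2: choose S uniformly among subsets of [n]; return (S, S xor i)."""
    S = {j for j in range(1, n + 1) if secrets.randbits(1)}
    return S, S ^ {i}  # symmetric difference toggles membership of i

def server_answer(x, query):
    """Step 3: one bit, the XOR of x_j over the indices j in the query (1-based)."""
    bit = 0
    for j in query:
        bit ^= x[j - 1]
    return bit

def retrieve(x, i):
    """Step 4: XOR the two answers; everything except x_i cancels."""
    q1, q2 = user_queries(len(x), i)
    return server_answer(x, q1) ^ server_answer(x, q2)

def slide_example(x):
    """The slide's fixed choice: S = {5,15,47}, i = 15, so S xor i = {5,47}."""
    S = {5, 15, 47}
    return server_answer(x, S) ^ server_answer(x, S ^ {15})

def srv2_view_distribution(n, i):
    """Privacy check: count each query SRV2 can receive over all 2^n sets S."""
    counts = {}
    for mask in range(2 ** n):
        S = frozenset(j for j in range(1, n + 1) if (mask >> (j - 1)) & 1)
        q = S ^ {i}
        counts[q] = counts.get(q, 0) + 1
    return counts

if __name__ == "__main__":
    print("x_15 =", X[14], "retrieved:", retrieve(X, 15), slide_example(X))
    # Same uniform distribution over queries whichever index the user wants.
    print(srv2_view_distribution(4, 1) == srv2_view_distribution(4, 3))
```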
$d = 3$
$\{(0,0,0),(1,1,0)\}$
#Codewords = $k \ge 2^d/(d+1)$
Total communication = $(2^d + (d-1)k) \cdot n^{1/d}$
Conclusions
The schemes use replication to gain substantial savings.
In particular, we present a two-server scheme with communication complexity $O(n^{1/3})$.