Multimedia Network Security Laboratory
Private Information Retrieval
Date: 2010.8.11
Reporter: Chien-Wen Huang
Source: Journal of the ACM, Vol. 45, No. 6, November 1998, pp. 965–982.
Outline
1. Motivation, Introduction
2. Model, Definition & Discussion
3. Single Bit PIR Schemes
4. A BASIC TWO-SERVER SCHEME
5. Conclusions
Motivation
Where did the need for PIR come from?
Patent Databases
• If the patent server knows which patent the user is interested in, this could cause a lot of problems.
Pharmaceutical Databases
• To hide the plans of the company, drug designers buy the entire pharmaceutical database.
Introduction (1)
Consider a user who makes a query to a database.
A lot of research has been devoted to methods that protect the database against a curious user.
There were no methods to protect the user's privacy (before 1995).
If the user wants to keep his privacy, the only thing he can do is ask for a copy of the whole database.
This is unacceptable!
Non-Private Protocol (traditional)
Server holds $x = x_1, x_2, \ldots, x_n$
User → Server: Query: $i$
Server → User: Answer: $x_i$
NO privacy!!
Communication: $\log n$
Introduction (2)
Servers ($k \ge 2$): each holds an $n$-bit string $x = x_1, x_2, \ldots, x_n$ ($n$ is very large)
User wishes:
• To retrieve $x_i$
• To keep $i$ private
Introduction (3)
Two-server scheme with communication complexity $O(n^{1/3})$
Scheme of $k$ servers with communication complexity $O(n^{1/k})$ $O(n^{1/(2k-1)})$
A scheme for $\frac{1}{3}\log_2 n + 1$ servers with total communication complexity $\frac{1}{3}(1 + o(1)) \cdot \log_2^2 n \cdot \log_2 \log_2 (2n)$
(from the reference: Private Information Retrieval, 36th IEEE FOCS, pp. 41–50, 1995)
Model, Definition & Discussion
Definition: a $k$-server PIR scheme consists of
$k$ query functions $Q_1, \ldots, Q_k : [n] \times \{0,1\}^{l_{rnd}} \to \{0,1\}^{l_q}$
$k$ answer functions $A_1, \ldots, A_k : \{0,1\}^n \times \{0,1\}^{l_q} \to \{0,1\}^{l_a}$
a reconstruction function $R : [n] \times \{0,1\}^{l_{rnd}} \times (\{0,1\}^{l_a})^k \to \{0,1\}$
These functions satisfy Correctness & Privacy.
Correctness: For every $x \in \{0,1\}^n$, $i \in [n]$, $r \in \{0,1\}^{l_{rnd}}$:
$R(i, r, A_1(x, Q_1(i, r)), \ldots, A_k(x, Q_k(i, r))) = x_i$
Privacy: For every $i, j \in [n]$, $s \in [k]$, $q \in \{0,1\}^{l_q}$:
$\Pr(Q_s(i, r) = q) = \Pr(Q_s(j, r) = q)$
where the probabilities are taken over uniformly chosen $r \in \{0,1\}^{l_{rnd}}$.
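Single Server PIR
User: $i \in \{1, \ldots, m\}$
User → Server: $\{1, 2, \ldots, i, \ldots, m\}$
Server: $x = x_1, x_2, \ldots, x_m$, $\{0,1\}^n$
Server → User: $\{x_1, \ldots, x_i, \ldots, x_m\}$
Server: Cannot guess!!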
Single Bit PIR Schemes
Notation: the following notation is used throughout the paper.
U: a (generic) user
$SRV_1, \ldots, SRV_k$: the servers
$x = x_1, \ldots, x_n$: a string in $\{0,1\}^n$, known to each server
$i$: the index in $x$ in which the user is interested
$[m] = \{1, 2, 3, \ldots, m\}$
For a set $S$ and an element $a$, let
$S \oplus a = S \cup \{a\}$ if $a \notin S$
$S \oplus a = S \setminus \{a\}$ if $a \in S$
A BASIC TWO-SERVER SCHEME
The steps of the scheme are as follows:
1. The user uniformly selects a random set $S \subseteq [n]$.
2. The user then sends $S$ to SRV1 and $S \oplus i$ to SRV2.
3. Each server replies with a single bit, which is the exclusive OR of the bits whose indices are in the set that server received (SRV1 replies with $\bigoplus_{j \in S} x_j$, SRV2 replies with $\bigoplus_{j \in S \oplus i} x_j$).
4. The user XORs all the answers.
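A Basic Two-Server Scheme (Example)
The user randomly chooses $S = \{5, 15, 47\}$
($n = 100$, index $i = 15$, $S \oplus i = \{5, 47\}$)
(1) User → SRV1: $S = \{5, 15, 47\}$
(2) User → SRV2: $S \oplus i = \{5, 47\}$
(3) SRV1 → User: $x_5 \oplus x_{15} \oplus x_{47}$
(4) SRV2 → User: $x_5 \oplus x_{47}$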
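The user computes the desired bit $x_i$:
(SRV1) $\oplus$ (SRV2)
$= (x_5 \oplus x_{15} \oplus x_{47}) \oplus (x_5 \oplus x_{47})$
$= (x_5 \oplus x_5) \oplus (x_{47} \oplus x_{47}) \oplus x_{15}$
$= 0 \oplus 0 \oplus x_{15}$
$= x_{15}$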
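The basic two-server scheme and its worked example, written out as runnable Python. This is an added example, not code from the slides or the paper; the function names `queries`, `answer`, `retrieve` and `server_view` are assumptions chosen to mirror the Q, A, R notation of the definition, and the sample database is constructed. `server_view` enumerates every random string r for a small n, so the Privacy condition is checked exactly rather than by sampling.

```python
import secrets
from collections import Counter
from itertools import product

def queries(n, i, r):
    """Q1(i, r), Q2(i, r): r is n random bits selecting S; SRV2 gets S xor i."""
    S = frozenset(j for j in range(1, n + 1) if r[j - 1])
    return S, S ^ {i}   # symmetric difference adds i if absent, removes it if present

def answer(x, q):
    """A(x, q): XOR of the bits x_j for every index j in q (indices are 1-based)."""
    bit = 0
    for j in q:
        bit ^= x[j - 1]
    return bit

def retrieve(x, i):
    """One round against two replicas of x; returns the reconstructed x_i."""
    n = len(x)
    r = [secrets.randbits(1) for _ in range(n)]   # uniformly random subset of [n]
    q1, q2 = queries(n, i, r)
    return answer(x, q1) ^ answer(x, q2)          # R: XOR of the two one-bit answers

def server_view(n, i, server):
    """Exact distribution of the query one server (0 = SRV1, 1 = SRV2) receives,
    taken over all 2^n values of r. Privacy means it is the same for every i."""
    return Counter(queries(n, i, r)[server] for r in product((0, 1), repeat=n))

if __name__ == "__main__":
    x = [secrets.randbits(1) for _ in range(100)]         # constructed sample database
    r = [1 if j in (5, 15, 47) else 0 for j in range(1, 101)]
    q1, q2 = queries(100, 15, r)                          # the example: S = {5, 15, 47}
    print(sorted(q1), sorted(q2))
    print("x_15 =", x[14], "recovered:", answer(x, q1) ^ answer(x, q2))
    # Neither server can tell i = 1 from i = 3: both views are uniform over subsets.
    print(server_view(4, 1, 1) == server_view(4, 3, 1))
```

Privacy here holds only against a single server: if the two servers compare the sets they received, the symmetric difference is exactly {i}.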
$d = 3$
$\{(0,0,0), (1,1,0)\}$
#Codewords $= k \ge 2^d / (d + 1)$
Total Communication $= (2^d + (d - 1)k) \cdot n^{1/d}$
Conclusions
The schemes use replication to gain substantial savings.
In particular, we present a two-server scheme with communication complexity $O(n^{1/3})$.