1 / 17

Revisiting the Computational Practicality of Private Information Retrieval⋆

Revisiting the Computational Practicality of Private Information Retrieval⋆. Femi Olumofin and Ian Goldberg Cheriton School of Computer Science University of Waterloo (2011). Presented by Santiago Vera . Roadmap. Results from the Previous Paper The Goal Introduction & Preliminaries

arvid
Download Presentation

Revisiting the Computational Practicality of Private Information Retrieval⋆

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Revisiting the Computational Practicality of Private Information Retrieval⋆ Femi Olumofin and Ian Goldberg Cheriton School of Computer Science University of Waterloo (2011) Presented by Santiago Vera

  2. Roadmap • Results from the Previous Paper • The Goal • Introduction & Preliminaries • Related Work • Efficient Single-server PIR (LPIR-A) |Aguilar-Melchor| • Multi-server PIR -First Scheme (MPIR-C) |Chor et al| -Second Scheme (MPIR-G) |Goldberg| -Response Time Measurement Experiment • Comparing the Trivial and Non-Trivial PIR Schemes • Conclusions

  3. Results from the Previous Paper • Explore S-S PIR for client access privacy. • S-S PIR protocol is slower than the trivial transfer of the dB to the client. (Past, Present, Future) • Explore scenarios where S-S PIR protocol my become useful. (high limited bandwidth)

  4. The Goal: • Extendand clarifythe results in the previous paper “On the Computational Practicality of Private Information Retrieval” by Sion, R. & Carbunar, B. since for M-S & new S-S schemes , their results not heavily rely on number theory. • Performance analysis S-S lattice-based scheme [1,2] and 2 M-S Info-Theory PIR schemes [7], [16].

  5. Introduction 1. Data Indices, Search Keywords, orStructured Queries 2. Requirement for user-centric/privacy-preserving systems 3. PIR Provides a mean of retrieval that guarantees access privacy, by preventing the database admin from being able to learn any info about which particular item was retrieved. 4. OR and Mix Networks  anonymity of users only PIR  content of the queries

  6. Introduction • According to [7], trivial PIR scheme has optimal comm complexity with S-S. • However, a solution of multi-server PIR schemes with sub-linear comm complexity, non- colluding multiple servers hold copies of the dB Scheme bits n=size of the DB, is the # of servers

  7. Is not clear whether the conclusions of Sion and Carbunar also apply to multi-server PIR schemes • M-S PIR schemes will continue to guarantee security and privacy without requiring key size changes (hardware&networks)

  8. How to achieve the Goal? Analytical and experimental techniques: 1. Performance analysis S-S lattice-based scheme [1,2] by using cheaper operations than modular multiplication. (linear algebra (lattices)) 2. 2 M-S Info-Theory PIR schemes [7], [16], no requirement of costly modular arithmetic. Derive upper-bound for query round-trip response times. (2 to 3 orders of magnitude smaller that the trivial PIR)

  9. Preliminaries • Hardware= 2 quad-core/less than $8,000 • Network=Table 1 • Modular Mult= Multi-core CPUs. Measure the time directly by using the Key size from NIST[22]. (1536 bits) • Projections = Moore’s Law : 60% vs. 50% of Nielsen’s Law. Computing capabilities favor Multi-server PIR Schemes rather than S-S PIR schemes

  10. Related Work In PIR schemes: • Comm complexity between the User and Server (s) is the most expensive resource. • Barriers: computational requirement. • Compare Bandwidth cost of trivial PIR to the computation and bandwidth cost of a S-S computational PIR scheme. (Sion&Carbonar) “more efficient”

  11. Efficient S-S PIR (LPIR-A) • By Aguilar-Melchor, most efficient S-S PIR scheme Every PIR scheme consist 3 basic algorithms: Query generation (C) Response encoding (S) Response decoding (C)

  12. Multi-server PIR • Performance analyses of 2 Multi-server PIR scheme [Chor et al.,7], [Goldberg ,16] • Overview of 2 and then compare with S-S schemes and trivial PIR scheme. • [Chor et al.] simplicity & first PIR protocol invented and [Goldberg,16] easy to understand and source availability (Percy++) • User’s privacy=no collusion of servers - DNS -TOR & Anonymous remailers.

  13. First Scheme (MPIR-C)

  14. Second Scheme (MPIR-G) • Similar to the First Scheme (XOR) • Shamir Secret sharing (Ei L ) (2)

  15. Response Time Measurement Experiment

  16. Comparing the Trivial and Non-Trivial PIR Schemes Non-trivial PIR schemes: • The data is tiny vs. size of the dB Comparison with Trivial PIR scheme: LPIR –A is over 10 times faster MPIR-G is 4 times faster MPIR-C is over 10 times faster M-S PIR schemes will become faster than trivial scheme.

  17. Conclusions • Reexamine the computational practicality of PIR • LPIR – A an order of magnitude more efficient than trivial PIR. • 2 M-S PIR schemes to be a further 1 to 2 orders of magnitude more efficient. • This work can help to decide to use PIR or trivial schemes in real world situations, based on computing and network limitations.

More Related