On
Download
1 / 30

On - PowerPoint PPT Presentation


  • 153 Views
  • Uploaded on

On. Locally Decodable Codes. Self Correctable Codes. and. t-private PIR. Omer Barkol, Yuval Ishai and Enav Weinreb Technion, Israel. x ∈ {0,1} n. Private Information Retrieval. On. [CGKS95]. Locally Decodable Codes. Self Correctable Codes. Client. q. Server. and. A(q,x). i ∈[n].

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' On ' - chaney


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

On

Locally Decodable Codes

Self Correctable Codes

and

t-private PIR

Omer Barkol, Yuval Ishai and Enav Weinreb

Technion, Israel


x∈{0,1}n

Private Information Retrieval

On

[CGKS95]

Locally Decodable Codes

Self Correctable Codes

Client

q

Server

and

A(q,x)

i∈[n]

t-private PIR

P

I

R

i?

xi

Omer Barkol, Yuval Ishai and Enav Weinreb

Technion, Israel

Want: Correctness and privacy for the client

Communication: Only the trivial Ω(n) solution


k servers

A(q1,x)

q1

A(q2,x)

q2

x

x

x∈{0,1}n

t-private

Private Information Retrieval

P

I

k-server PIR

R

[CGKS95]

Client

i

t servers

xi

i?


Best known

t-private

PIR


C

k-query LDC

C:{0,1}n→{0,1}m

k-server PIR

logm query bits

1 bit answer

[KT00]

On

Locally Decodable Codes

C:{0,1}n→{0,1}m(n)

is a k-LDC

Self Correctable Codes

encoding C(x)

message x

and

i

k

t-private PIR

Randomized Decoder D

xi

Omer Barkol, Yuval Ishai and Enav Weinreb

Technion, Israel



C

systematic

linear k-query SCC

C:{0,1}n→{0,1}m

linear k-query LDC

C:{0,1}n→{0,1}m

k-LDC

On

C:{0,1}n→{0,1}m(n)

is a k-SCC

Locally Decodable Codes

message x

encoding C(x)

Self Correctable Codes

k

j

and

Randomized Corrector M

t-private PIR

C(x)j

Omer Barkol, Yuval Ishai and Enav Weinreb

Technion, Israel



RM SCC upper bound

Yek07 LDC upper bound

LDC lower bound

Main Problems

Closing the gap between:

  • 1-private and t-private PIR

  • LDC and SCC


Talk Outline

Notions and current state

Our contributions: highlights

Our contributions: technical details

Summary and open issues


1-private k-server PIR

1-private k-server SRPIR

t-private kt-server PIR

t-private kt-server PIR

Our Contributions (1)

Communication preserving transformations

k-LDC

k-SCC


Best known t-private PIR

ktservers

?


Closing the gap of LDC vs. SCC

Closing the question on t-private PIR

RM SCC upper bound

Yek07 LDC upper bound

LDC lower bound

Main Problems

Closing the gap between:

  • 1-private and t-private PIR

  • LDC and SCC


Our Contributions (2)

Linear SCC vs. Combinatorial designs

Based on Hamada’sConjecture (1973):

Evidence for difficulty of progress on the LDC vs. SCC question



Talk Outline

Notions and current state

Our contributions: highlights

Our contributions: technical details

Summary and open issues


1-private k-server PIR

t-private kt-server PIR

1-private PIR  t-private PIR

k-LDC


q1(i1)

q2(i1)

q3(i1)

q1(i2)

S1,1

S1,2

S1,3

i1? i?

S2,1

S2,2

S2,3

q2(i2)

S3,1

S3,2

S3,3

q3(i2)

A

A1

A1

A2

A2

A

A3

A

A3

X<<1

X<<2

X<<i2

X<<n-1

1-private 3-server PIR to

2-private 32-server PIR

i

i ≡ i1 + i2

Xi1+i2=Xi

i1

i

X=X<<0

X

i2? i?


1-private k-server SRPIR

t-private kt-server PIR

1-private PIR  t-private PIR

k-SCC

t(k-1)+1


q3

q1

q2

S1

S1

S2

S2

S3

S3

q31

q33

q32

A(q1,x)

A(q2,x)

A(q3,x)

q11

q23

q12

q22

q12

q13

1-private 3-server SRPIR to

2-private 5-server PIR

i

X

xi

S?

S1

S?

S4

S5

S?

S?

S2

S3

S?

S?

S5

NO

Threshold 3-out-of-5 circuit using only Threshold 2-out-of-3 gates


Threshold

3-out-of-5

1-private 3-server SRPIR to

2-private 2(3-1)+1=5-server PIR

i

X

S1

S2

S3

S4

S5

Threshold 3-out-of-5 circuit using only Threshold 2-out-of-3 gates

Threshold (t+1)-out-of-t(k-1)+1 circuit using only Threshold 2-out-of-k gates


1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Combinatorial designs

2-(m,k,λ) design

m points

blocks: sets of k points

each 2 points appear together in λblocks

2-(24,4,1) design


Example: lines in F172 design

2-(172,17,1) design

Points: GF(17)2 =F172

Blocks: points on a line


1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Low rank designs  good SCC

2-(m,k,λ) design with p-rank r

C= span

C⊥:Fpm-r→Fpm is a (k-1)-SCC


Reed-Muller SCCs

are optimal

Hamada’s

conjecture

Hamada’s Conjecture (‘73):The 2-(pr,p,1) design that stems from the lines in Fprhas the smallest p-rank of all the designs with the sameparameters.

the support of the low-weight words of the Reed-Muller code


Generalized

conjecture

Reed-Muller SCCs

are “essentially

optimal”

Generalization of the conjecture:

Relaxation in the following senses

  • dimension (rather than rank)

  • over different fields (i.e. q-dimension)

  • almost designs


Talk Outline

Notions and current state

Our contributions: highlights

Our contributions: technical details

Summary and open issues


Summary

  • Substantial improvement of best t-private PIR

    1-private PIR ⇨ t-private PIR

    • t-private version of Yekhanin’s protocol

  • Interesting connection: SCC and t-private PIR

    Better SCC ⇨ better t-private PIR

    • SCC=LDC ⇨ 1-private=t-private PIR

  • Intriguing connection: SCC and p-rankdesigns

    Prove known SCC optimal ⇨ Hamada’s conjecture


RM SCC upper bound

Yek07 LDC upper bound

LDC lower bound

SCC lower bound

OpenIssues

  • Better t-private PIR

    • Extend Yek07 to 2-private 5-server PIR? … or even 2-private 8-server PIR?

  • LDC vs. SCC

    • Better SCC than Reed-Muller based

      e.g. 3-SCC of length 2o(√n) const. size alphabet

    • Better Lower bounds on SCC

      separate SCC from LDC

      or even super-polynomial lower bounds on SCC



ad