TY - GEN
T1 - Share conversion and private information retrieval
AU - Beimel, Amos
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
AU - Orlov, Ilan
PY - 2012/9/26
Y1 - 2012/9/26
N2 - An information-theoretic {\em private information retrieval} (PIR) protocol allows a client to retrieve the i-th bit of a database, held by two or more servers, without revealing information about i to any individual server. Information-theoretic PIR protocols are closely related to {\em locally decodable codes} (LDCs), which are error-correcting codes that can simultaneously offer a high level of robustness and sublinear-time decoding of each bit of the encoded message. Recent breakthrough results of Yekhanin (STOC 2007) and Efremenko (STOC 2009) have led to a dramatic improvement in the asymptotic complexity of PIR and LDC. We suggest a new "cryptographic" perspective on these recent constructions, which is based on a general notion of {\em share conversion} in secret-sharing schemes that may be of independent interest. Our new perspective gives rise to a clean framework which unifies previous constructions and generalizes them in several directions. In a nutshell, we use the following two-step approach: (1) apply {\em share conversion} to get a low-communication secure multiparty computation protocol ${\cal P}$ for a nontrivial class ${\cal F}$ of low-depth circuits, (2) use a lower bound on the {\em VC dimension} of ${\cal F}$ to get a good PIR protocol from ${\cal P}$. Our framework reduces the task of designing good PIR protocols to that of finding powerful forms of share conversion which support circuit classes of a high VC dimension. Motivated by this framework, we study the general power of share conversion and obtain both positive and negative results. Our positive results improve the concrete complexity of PIR even for very feasible real-life parameters. They also lead to some improvements in the asymptotic complexity of the best previous PIR and LDC constructions. For 3-server PIR, we improve the asymptotic communication complexity from $O(2^{146\sqrt{\log n\log\log n}})$ to $O(2^{6\sqrt{\log n\log\log n}})$ bits, where n is the database size. Our negative results on share conversion establish some limitations on the power of our approach.
KW - VC dimension
KW - constant-depth circuits
KW - locally decodable codes
KW - matching vectors
KW - private information retrieval
KW - secret-sharing
KW - secure multiparty computation
UR - http://www.scopus.com/inward/record.url?scp=84866508151&partnerID=8YFLogxK
U2 - https://doi.org/10.1109/CCC.2012.23
DO - https://doi.org/10.1109/CCC.2012.23
M3 - Conference contribution
SN - 9780769547084
T3 - Proceedings of the Annual IEEE Conference on Computational Complexity
SP - 258
EP - 268
BT - Proceedings - 2012 IEEE 27th Conference on Computational Complexity, CCC 2012
T2 - IEEE Computer Society Technical Committee on Mathematical Foundations of Computing
Y2 - 26 June 2012 through 29 June 2012
ER -