Publicly accessible databases are an indispensable resource for retrieving up to date information. But they also pose a significant risk to the privacy of the user, since a curious database operator can follow the user's queries and infer what the user is after. Indeed, in cases where the users ' intentions are to be kept secret, users are often cautious about accessing the database. It can be shown that when accessing a single database, to completely guarantee the privacy of the user, the whole database should be downloaded, namely n bits should be communicated (where n is the number of bits in the database). In this work, we investigate whether by replicating the database, more efficient solutions to the private retrieval problem can be obtained. We describe schemes that enable a user to access k replicated copies of a database (k * 2) and privately retrieve information stored in the database. This means that each individual database gets no information on the identity of the item retrieved by the user. Our schemes use the replication to gain substantial saving. In particular, we have ffl A two database scheme with communication complexity of O(n1=3). ffl A scheme for a constant number, k, of databases with communication complexity O(n1=k). ffl A scheme for 13 log2 n databases with polylogarithmic (in n) communication complexity.

We establish the following, quite unexpected, result: replication of data for the computational Private Information Retrieval problem is not necessary. More specifically, based on the quadratic residuosity assumption, we present a single database, computationally-private information-retrieval scheme with O(n ffl ) communication complexity for any ffl ? 0.

Private Information Retrieval (PIR) schemes allow a user to retrieve the i-th bit of an n-bit data string x, replicated in k 2 databases (in the information-theoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity.

We construct a scheme for private information retrieval with k databases and communication complexity O(n 1=(2k\Gamma1) ). 1 Introduction Much attention has been given to the problem of protecting a database from the user that tries to retrieve the information that he is not allowed to access[2, 8, 12]. In some scenarios, the opposite problem can appear: a user wishes to retrieve some infomation from a database without revealing to the database what information he needs. For example[7], an investor wishes to receive information about certain stock but he does not wishe others (even the database) to know in which particular stock he is interesed. However, there is only one way to reach complete privacy: the user should ask for the copy of entire database. Otherwise, the database will get some information what the user wishes to know. This is not a good solution because it requires much time and much communiction from the database to the user. If there are several identical copies ...

A Single-Database Private Information Retrieval (PIR) is a protocol that allows a user to privately retrieve from a database an entry with as small as possible communication complexity. We call a PIR protocol non-trivial if its total communication is strictly less than the size of the database. Non-trivial PIR is an important cryptographic primitive with many applications. Thus, understanding which assumptions are necessary for implementing such a primitive is an important task, although (so far) not a well-understood one. In this paper we show that any non-trivial PIR implies Oblivious Transfer, a far better understood primitive. Our result not only significantly clarifies our understanding of any non-trivial PIR protocol, but also yields the following consequences: -- Any non-trivial PIR is complete for all two-party and multi-party secure computations.

Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols with sub-linear communication were suggested. However, in all these protocols the servers ’ computation for each retrieval is at least linear in the size of entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the model of PIR with preprocessing: Before the execution of the protocol each server may compute and store polynomially-many information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant k ≥ 2, a k-server protocol with O(n 1/(2k−1)) communication and O(n / log 2k−2 n) work, and for any constants k ≥ 2 and ɛ> 0 a k-server protocol with O(n 1/k+ɛ) communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an off-line stage. 1

A private information retrieval scheme allows a user to retrieve a data item of his choice from a remote database (or several copies of a database) while hiding from the database owner which particular data item he is interested in. We consider the question of private information retrieval in the so-called "commodity-based" model, recently proposed by Beaver for practically-oriented service-provider internet applications. We present simple and modular schemes allowing to dramatically reduce the overall communication involving users, and substantially reduce their computation, using off-line messages sent from service-providers to databases and users. The service-providers do not need to know neither the database contents nor the future user's requests; all they need to know is an upper bound on the data size. Our solutions can be made resilient against collusions of databases with more than a majority (in fact, all-but-one) of the service-providers.

Abstract. We show that general one-way trapdoor permutations are sufficient to privately retrieve an entry from a database of size n with total communication complexity strictly less than n. More specifically, we present a protocol in which the user sends O(K 2) bits and the server sends n − cn bits (for any constant c), where K is the security parameter K of the trapdoor permutations. Thus, for sufficiently large databases (e.g., when K = n ɛ for some small ɛ) our construction breaks the informationtheoretic lower-bound (of at least n bits). This demonstrates the feasibility of basing single-server private information retrieval on general complexity assumptions. An important implication of our result is that we can implement a 1-outof-n Oblivious Transfer protocol with communication complexity strictly less than n based on any one-way trapdoor permutation. 1

Keywords: In Private Information Retrieval (PIR), a user obtains one of N records from a server, without the server learning what record was requested. Recent research in “practical PIR ” has limited the players to the user and server and limited the user’s work to negotiating a session key (eg. as in SSL)— but then added a secure coprocessor to the server and required the secure coprocessor to encrypt/permute the dataset (and often gone ahead and built real systems). Practical PIR (PPIR) thus consists of trying to solve a privacy problem for a large dataset using the small internal space of the coprocessor. This task is very similar to the one undertaken by the older Oblivious RAMs work, and indeed the latest PPIR work uses techniques developed for Oblivious RAMs. Previous PPIR work had two limitations: the internal space required was still O(N lg N) bits, and records could only be read privately, not written. In this paper, we present a design and experimental results that overcome these limitations. We reduce the internal memory to O(lg N) by basing the pseudorandom permutation on a Luby-Rackoff style block cipher, and by redesigning the oblivious shuffle to reduce space requirements and avoid unnecessary work. This redesign yields both a time and a space savings. These changes expand the system’s applicability to larger datasets and domains such as private file storage. These results have been implemented for the IBM 4758 secure coprocessor platform, and are available for download. Private information retrieval and storage, oblivious RAM, permutation network, sorting network, luby-rackoff cipher2 1.

In today's age of information it is very important that, information about the information which you are seeking should not be leaked even to the server who is going to provide you the desired information. On the other hand, considering information as commodity, it is age old wisdom that one should get only as much as he pays. In this paper we essentially consider this problem and provide suitable solutions. Under a new number theoretic assumption, XOR Assumption, we give single-round symmetrically private information retrieval (SPIR) scheme for bit retrieval with communication complexity O(n...