Results 1  10
of
23
Private Information Retrieval
, 1997
"... Publicly accessible databases are an indispensable resource for retrieving up to date information. But they also pose a significant risk to the privacy of the user, since a curious database operator can follow the user's queries and infer what the user is after. Indeed, in cases where the users ' i ..."
Abstract

Cited by 415 (11 self)
 Add to MetaCart
Publicly accessible databases are an indispensable resource for retrieving up to date information. But they also pose a significant risk to the privacy of the user, since a curious database operator can follow the user's queries and infer what the user is after. Indeed, in cases where the users ' intentions are to be kept secret, users are often cautious about accessing the database. It can be shown that when accessing a single database, to completely guarantee the privacy of the user, the whole database should be downloaded, namely n bits should be communicated (where n is the number of bits in the database). In this work, we investigate whether by replicating the database, more efficient solutions to the private retrieval problem can be obtained. We describe schemes that enable a user to access k replicated copies of a database (k * 2) and privately retrieve information stored in the database. This means that each individual database gets no information on the identity of the item retrieved by the user. Our schemes use the replication to gain substantial saving. In particular, we have ffl A two database scheme with communication complexity of O(n1=3). ffl A scheme for a constant number, k, of databases with communication complexity O(n1=k). ffl A scheme for 13 log2 n databases with polylogarithmic (in n) communication complexity.
Reducing the servers' computation in private information retrieval: Pir with preprocessing
 In CRYPTO 2000
, 2000
"... Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols wi ..."
Abstract

Cited by 45 (8 self)
 Add to MetaCart
Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols with sublinear communication were suggested. However, in all these protocols the servers ’ computation for each retrieval is at least linear in the size of entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the model of PIR with preprocessing: Before the execution of the protocol each server may compute and store polynomiallymany information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant k ≥ 2, a kserver protocol with O(n 1/(2k−1)) communication and O(n / log 2k−2 n) work, and for any constants k ≥ 2 and ɛ> 0 a kserver protocol with O(n 1/k+ɛ) communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an offline stage. 1
Robust InformationTheoretic Private Information Retrieval
 Proc. of the 28th International Colloquium on Automata, Languages and Programming, volume 2076 of Lecture Notes in Computer Science
, 2002
"... A Private Information Retrieval (PIR) protocol allows a user to retrieve a data item of its choice from a database, such that the servers storing the database do not gain information on the identity of the item being retrieved. PIR protocols were studied in depth since the subject was introduced in ..."
Abstract

Cited by 42 (5 self)
 Add to MetaCart
A Private Information Retrieval (PIR) protocol allows a user to retrieve a data item of its choice from a database, such that the servers storing the database do not gain information on the identity of the item being retrieved. PIR protocols were studied in depth since the subject was introduced in Chor, Goldreich, Kushilevitz, and Sudan 1995. The standard definition of PIR protocols raises a simple question  what happens if some of the servers crash during the operation? How can we devise a protocol which still works in the presence of crashing servers? Current systems do not guarantee availability of servers at all times for many reasons, e.g., crash of server or communication problems. Our purpose is to design robust PIR protocols, i.e., protocols which still work correctly even if only k out of # servers are available during the protocols' operation (the user does not know in advance which servers are available). We present various robust PIR protocols giving different tradeoffs between the different parameters. These protocols are incomparable, i.e., for different values of n and k we will get better results using different protocols. We first present a generic transformation from regular PIR protocols to robust PIR protocols, this transformation is important since any improvement in the communication complexity of regular PIR protocol will immediately implicate improvement in the robust PIR protocol communication. We also present two specific robust PIR protocols. Finally, we present robust PIR protocols which can tolerate Byzantine servers, i.e., robust PIR protocols which still work in the presence of malicious servers or servers with corrupted or obsolete databases. 1
Approximating edit distance efficiently
 In Proc. FOCS 2004
, 2004
"... Edit distance has been extensively studied for the past several years. Nevertheless, no lineartime algorithm is known to compute the edit distance between two strings, or even to approximate it to within a modest factor. Furthermore, for various natural algorithmic problems such as lowdistortion e ..."
Abstract

Cited by 29 (5 self)
 Add to MetaCart
Edit distance has been extensively studied for the past several years. Nevertheless, no lineartime algorithm is known to compute the edit distance between two strings, or even to approximate it to within a modest factor. Furthermore, for various natural algorithmic problems such as lowdistortion embeddings into normed spaces, approximate nearestneighbor schemes, and sketching algorithms, known results for the edit distance are rather weak. We develop algorithms that solve gap versions of the edit distance problem: given two strings of length n with the promise that their edit distance is either at most k or greater than ℓ, decide which of the two holds. We present two sketching algorithms for gap versions of edit distance. Our first algorithm solves the k vs. (kn) 2/3 gap problem, using a constant size sketch. A more involved algorithm solves the stronger k vs. ℓ gap problem, where ℓ can be as small as O(k 2)—still with a constant sketch—but works only for strings that are mildly “nonrepetitive”. Finally, we develop an n 3/7approximation quasilinear time algorithm for edit distance, improving the previous best factor of n 3/4 [5]; if the input strings are assumed to be nonrepetitive, then the approximation factor can be strengthened to n 1/3. 1.
Information Theory Methods in Communication Complexity
 In Proceedings of the 17th Annual IEEE Conference on Computational Complexity
, 2002
"... We use tools and techniques from information theory to study communication complexity problems in the oneway and simultaneous communication models. Our results include: (1) A tight characterization of multiparty oneway communication complexity for product distributions in terms of VCdimension an ..."
Abstract

Cited by 28 (7 self)
 Add to MetaCart
We use tools and techniques from information theory to study communication complexity problems in the oneway and simultaneous communication models. Our results include: (1) A tight characterization of multiparty oneway communication complexity for product distributions in terms of VCdimension and shatter coefficients; (2) An equivalence of multiparty oneway and simultaneous communication models for product distributions; (3) A suite of lower bounds for specific functions in the simultaneous communication model, most notably an optimal lower bound for the multiparty set disjointness problem of Alon et al. [AMS99] and for the generalized addressing function problem of Babai et al. [BGKL96] for arbitrary groups. Methodologically, our main contribution is rendering communication complexity problems in the framework of information theory. This allows us access to the powerful calculus of information theory and the use of fundamental principles such as Fano's inequality and the Maximum Likelihood Estimate Principle.
Boolean Circuits, Tensor Ranks, And Communication Complexity
 SIAM J. ON COMPUTING
, 1997
"... We investigate two methods for proving lower bounds on the size of small depth circuits, namely the approaches based on multiparty communication games and algebraic characterizations extending the concepts of the tensor rank and rigidity of matrices. Our methods are combinatorial, but we think that ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
We investigate two methods for proving lower bounds on the size of small depth circuits, namely the approaches based on multiparty communication games and algebraic characterizations extending the concepts of the tensor rank and rigidity of matrices. Our methods are combinatorial, but we think that the main contribution concerns the algebraic concepts used in this area (tensor ranks and rigidity). Our main results are following. (i) An o(n) bit protocol for a communication game for computing shifts, which also gives an upper bound of o(n 2 ) on the contact rank of the tensor of multiplication of polynomials; this disproves some earlier conjectures. A related probabilistic construction gives o(n) upper bound for computing all permutations and O(n log log n) upper bound on the communication complexity of pointer jumping with permutations. (ii) A lower bound on certain restricted circuits of depth 2 which are related to the problem of proving a superlinear lower bound on the size of ...
General Constructions for InformationTheoretic Private Information Retrieval
, 2003
"... A Private Information Retrieval (PIR) protocol enables a user to retrieve a data item from a database while hiding the identity of the item being retrieved; specifically, in a tprivate, kserver PIR protocol the database is replicated among k servers, and the user's privacy is protected from any co ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
A Private Information Retrieval (PIR) protocol enables a user to retrieve a data item from a database while hiding the identity of the item being retrieved; specifically, in a tprivate, kserver PIR protocol the database is replicated among k servers, and the user's privacy is protected from any collusion of up to t servers. The main costmeasure of such protocols is the communication complexity of retrieving asingle bit of data. This work addresses the informationtheoretic setting for PIR, where the user's privacy should be unconditionally protected against computationally unbounded servers. We present a general construction, whose abstract components can be instantiated to yield both old and new families of PIR protocols. Amain ingredient in the new protocols is a generalization of a solution by Babai, Kimmel, and Lokam for a communication complexity problem in the multiparty simultaneous messages model.Our protocols simplify and improve upon previous ones, and resolve some previous anomalies. In particular, we get: (1) 1private kserver PIR protocols with O(k3n1=(2k\Gamma 1)) communication bits, where n is the database size; (2) tprivate kserver protocols with O(n1=b(2k\Gamma 1)=tc) communication bits, for anyconstant integers k? t * 1; and (3) tprivate kserver protocols in which the user sends O(log n) bitsto each server and receives O(nt=k+ffl) bits in return, for any constant integers k? t * 1 and constant ffl? 0. The latter protocols have applications to the construction of efficient families of locally decodablecodes over large alphabets and to PIR protocols with reduced work by the servers.
Communication complexity of simultaneous messages
 SIAM Journal on Computing
"... In the multiparty communication game (CFLgame) of Chandra, Furst, and Lipton (Proc. 15th ACM STOC, 1983, 94–99) k players collaboratively evaluate a function f(x0,..., xk−1) in which player i knows all inputs except xi. The players have unlimited computational power. The objective is to minimize co ..."
Abstract

Cited by 15 (0 self)
 Add to MetaCart
In the multiparty communication game (CFLgame) of Chandra, Furst, and Lipton (Proc. 15th ACM STOC, 1983, 94–99) k players collaboratively evaluate a function f(x0,..., xk−1) in which player i knows all inputs except xi. The players have unlimited computational power. The objective is to minimize communication. In this paper, we study the Simultaneous Messages (SM) model of multiparty communication complexity. The SM model is a restricted version of the CFLgame in which the players are not allowed to communicate with each other. Instead, each of the k players simultaneously sends a message to a referee, who sees none of the inputs. The referee then announces the function value. We prove lower and upper bounds on the SMcomplexity of several classes of explicit functions. Our lower bounds extend to randomized SM complexity via an entropy argument. A lemma establishing a tradeoff between average Hamming distance and range size for transformations of the Boolean cube might be of independent interest. Our lower bounds on SMcomplexity imply an exponential gap between the SMmodel and
Some Bounds on Multiparty Communication Complexity of Pointer Jumping
, 1996
"... We introduce the model of conservative oneway multiparty complexity and prove lower and upper bounds on the complexity of pointer jumping. The pointer jumping function takes as its input a directed layered graph with a starting node and k layers of n nodes, and a single edge from each node to one ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
We introduce the model of conservative oneway multiparty complexity and prove lower and upper bounds on the complexity of pointer jumping. The pointer jumping function takes as its input a directed layered graph with a starting node and k layers of n nodes, and a single edge from each node to one node from the next layer. The output is the node reached by following k edges from the starting node. In a conservative protocol Player i can see only the node reached by following the first i \Gamma 1 edges and the edges on the jth layer for each j ? i (compared to the general model where he sees edges of all layers except for the ith one). In a oneway protocol, each player communicates only once: first Player 1 writes a message on the blackboard, then Player 2, etc., until the last player gives the answer. The cost is the total number of bits written on the blackboard. Our main results are the following bounds on kparty conservative oneway communication complexity of pointer jumping wit...