## Protecting Data Privacy in Private Information Retrieval Schemes (0)

### Cached

### Download Links

- [www.cs.technion.ac.il]
- [eprint.iacr.org]
- [www.ussrback.com]
- [theory.lcs.mit.edu]
- [www.cs.technion.ac.il]
- DBLP

### Other Repositories/Bibliography

Venue: | JCSS |

Citations: | 107 - 19 self |

### BibTeX

@INPROCEEDINGS{Gertner_protectingdata,

author = {Yael Gertner and Yuval Ishai and Eyal Kushilevitz and Tal Malkin},

title = {Protecting Data Privacy in Private Information Retrieval Schemes},

booktitle = {JCSS},

year = {},

pages = {151--160},

publisher = {ACM Press}

}

### Years of Citing Articles

### OpenURL

### Abstract

Private Information Retrieval (PIR) schemes allow a user to retrieve the i-th bit of an n-bit data string x, replicated in k 2 databases (in the information-theoretic setting) or in k 1 databases (in the computational setting), while keeping the value of i private. The main cost measure for such a scheme is its communication complexity.

### Citations

1766 | How to share a secret
- Shamir
(Show Context)
Citation Context ...et sharing [5, 20] relative to a corresponding access structure. Generalized secret sharing. The problem of generalized secret sharing is an extension of the usual notion of t-out-of-m secret sharing =-=[26-=-]. Informally, a generalized secret sharing protocol is a randomized protocol for sharing a secret into m shares such that the secret can be reconstructed from any qualied set of shares, whereas any c... |

673 | Completeness theorems for non-cryptographic fault-tolerant distributed computation - Ben-Or, Goldwasser, et al. - 1988 |

628 |
How to construct random functions
- Goldreich, Goldwasser, et al.
- 1986
(Show Context)
Citation Context ...", without extra communication [7, 28]. This allows the databases to save storage space and save on the amount of random bits they need to produce. We also remark that by using pseudorandom funct=-=ions [17]-=- it is possible for the databases, in each execution of the protocol, to directly 3 expand from the seed only the portion of the expanded string that is needed for this particular execution (without a... |

618 | Communication complexity - Kushilevitz, Nisan - 1997 |

604 |
How to generate cryptographically strong sequences of pseudorandom bits
- Blum, Micali
- 1984
(Show Context)
Citation Context ... strings with pseudo-random ones. More specically, the databases may share a short random seed from which longer shared pseudo-random strings can be generated \on thesy", without extra communicat=-=ion [7, 28]-=-. This allows the databases to save storage space and save on the amount of random bits they need to produce. We also remark that by using pseudorandom functions [17] it is possible for the databases,... |

516 |
Theory and applications of trapdoor functions
- Yao
- 1982
(Show Context)
Citation Context ... strings with pseudo-random ones. More specically, the databases may share a short random seed from which longer shared pseudo-random strings can be generated \on thesy", without extra communicat=-=ion [7, 28]-=-. This allows the databases to save storage space and save on the amount of random bits they need to produce. We also remark that by using pseudorandom functions [17] it is possible for the databases,... |

471 | A randomized protocol for signing contracts
- Even, Goldreich, et al.
- 1985
(Show Context)
Citation Context ...R for multi-bit records. Finally, an interesting observation is that the SPIR problem may be viewed as a distributed version of a known cryptographic primitive called n 1 -Oblivious-Transfer (OT) [2=-=5, 15, 8, -=-9]. An n 1 -OT protocol allows Bob to secretly choose one of n secret bits held by Alice, in a way that at the end of the protocol Bob learns only a single bit of his choice, and Alice learns nothin... |

431 | Multiparty unconditionally secure protocols - Chaum, Crépeau, et al. - 1988 |

415 | Private information retrieval
- Chor, Goldreich, et al.
- 1995
(Show Context)
Citation Context ...the players agree to reveal the secret. This work is concerned with the information-theoretic setting for SPIR. The techniques used in this work can also be applied to computational PIR schemes (c.f. =-=[11, 23, 10]-=-), in which the privacy requirement is relaxed to computational privacy (against computationally bounded databases). However, in this computational setting a better solution for realizing SPIR may be ... |

358 | The Complexity of Boolean Functions - Wegener - 1987 |

301 |
How to exchange secrets by oblivious transfer
- Rabin
- 1981
(Show Context)
Citation Context ...R for multi-bit records. Finally, an interesting observation is that the SPIR problem may be viewed as a distributed version of a known cryptographic primitive called n 1 -Oblivious-Transfer (OT) [2=-=5, 15, 8, -=-9]. An n 1 -OT protocol allows Bob to secretly choose one of n secret bits held by Alice, in a way that at the end of the protocol Bob learns only a single bit of his choice, and Alice learns nothin... |

233 | Founding cryptography on oblivious transfer - Kilian - 1988 |

223 | Computationally private information retrieval with polylogarithmic communication
- Cachin, Micali, et al.
- 1999
(Show Context)
Citation Context ...the players agree to reveal the secret. This work is concerned with the information-theoretic setting for SPIR. The techniques used in this work can also be applied to computational PIR schemes (c.f. =-=[11, 23, 10]-=-), in which the privacy requirement is relaxed to computational privacy (against computationally bounded databases). However, in this computational setting a better solution for realizing SPIR may be ... |

198 |
Oblivious Transfer and Polynomial Evaluation
- Naor, Pinkas
- 1999
(Show Context)
Citation Context ...axed to computational privacy (against computationally bounded databases). However, in this computational setting a better solution for realizing SPIR may be constructed using pseudo-random functions =-=[24, 14-=-]. We note that in addition to their theoretical signicance and their unconditional security, information theoretic schemes possess other advantages over known computational schemes; they are much mor... |

160 |
Hiding instances in multioracle queries
- Beaver, Feigenbaum
- 1990
(Show Context)
Citation Context ...e 2-database scheme B 2 from [12], also described below, which in turn serves as the basis for the recursive k-database scheme B k from [1]. The schemes B k and the polynomial interpolation scheme of =-=[12, 3]-=- are described later on, in the proofs of Theorems 6 and 7 respectively. Basic d-dimensional Cube Scheme: This is a PIR scheme for k = 2 d databases. Assume without loss of generality that the databas... |

147 |
Generalized Secret Sharing and Monotone Functions
- Benaloh, Leichter
- 1990
(Show Context)
Citation Context ... h. 3.2.1 Reduction to Generalized Secret Sharing In the following we show how to implement conditional disclosure of secrets under an arbitrary condition by reducing it to generalized secret sharing =-=[5, 20]-=- relative to a corresponding access structure. Generalized secret sharing. The problem of generalized secret sharing is an extension of the usual notion of t-out-of-m secret sharing [26]. Informally, ... |

119 | On span programs
- Karchmer, Wigderson
- 1993
(Show Context)
Citation Context ... she obtains no information on r 0 then she can obtain no information on s, and the theorem follows. 12 Remark 1. Using best known general upper bounds on the complexity of generalized secret sharing =-=[21-=-], the result of Theorem 2 can be strengthened to apply to any function h with a span program over GF(2) of size S (see [21] for a denition of the span program model). 3.2.2 Direct Constructions for S... |

114 |
Non-interactive zero-knowledge and its applications
- Blum, Feldman, et al.
- 1988
(Show Context)
Citation Context ...t grant them access to a shared random string, unknown to the user. A similar kind of extension has been studied before in the contexts of private computation [16, 18], non-interactive zero-knowledge =-=[6]-=- and other scenarios. Here, this extension 2 is particularly natural since, even in the basic PIR setting, databases are required to maintain identical copies of the same data string. (In the next sub... |

114 |
Secret sharing scheme realizing general access structure
- Ito, Saito, et al.
- 1987
(Show Context)
Citation Context ... h. 3.2.1 Reduction to Generalized Secret Sharing In the following we show how to implement conditional disclosure of secrets under an arbitrary condition by reducing it to generalized secret sharing =-=[5, 20]-=- relative to a corresponding access structure. Generalized secret sharing. The problem of generalized secret sharing is an extension of the usual notion of t-out-of-m secret sharing [26]. Informally, ... |

88 | Upper Bound on Communication Complexity of Private Information Retrieval
- Ambainis
(Show Context)
Citation Context ... small constant factor over the PIR scheme, and shared randomness complexity (per query) which is of the same order of magnitude as the communication complexity. In particular, extending schemes from =-=[12-=-, 1] we obtain: k-database SPIR scheme of complexity O(n 1=(2k 1) ) for any constant k 2; O(log n)-database SPIR scheme of complexity O(log 2 n log log n). Our schemes maintain the general paradig... |

73 | A zero-one law for boolean privacy - Chor, Kushilevitz - 1991 |

68 |
Information theoretic reductions among disclosure problems
- Brassard, Crépeau, et al.
- 1987
(Show Context)
Citation Context ...R for multi-bit records. Finally, an interesting observation is that the SPIR problem may be viewed as a distributed version of a known cryptographic primitive called n 1 -Oblivious-Transfer (OT) [2=-=5, 15, 8, -=-9]. An n 1 -OT protocol allows Bob to secretly choose one of n secret bits held by Alice, in a way that at the end of the protocol Bob learns only a single bit of his choice, and Alice learns nothin... |

39 | Oblivious transfers and intersecting codes
- Brassard, Crépeau, et al.
- 1996
(Show Context)
Citation Context |

34 | Private information storage - Ostrovsky, Shoup - 1997 |

32 |
How to share a secret”, Communication
- Shamir
- 1979
(Show Context)
Citation Context ...et sharing [5, 20] relative to a corresponding access structure. Generalized secret sharing. The problem of generalized secret sharing is an extension of the usual notion of t-out-of-m secret sharing =-=[26]-=-. Informally, a generalized secret sharing protocol is a randomized protocol for sharing a secret into m shares such that the secret can be reconstructed from any qualified set of shares, whereas any ... |

31 | Perfect Privacy for Two Party Protocols - Beaver - 1989 |

27 | Improved upper bounds on information-theoretic private information retrieval (extended abstract
- Ishal, Kushilevitz
(Show Context)
Citation Context ...th 2 databases; O(n 1=k ) bits with k 3 databases; and O(log 2 n log log n) bits with k = O(log n) databases. In [1] the k-database upper bound is improved to O(n 1=(2k 1) ) for any constant k (see [=-=19]-=- for improved dependence on k and generalization to t-privacy). The computational counterpart of PIR (i.e., schemes where the user-privacy is only with respect to polynomial-time databases, relying on... |

24 | Private simultaneous messages protocols with applications,” in Israel Symposium on Theory of Computing Systems
- Ishai, Kushilevitz
- 1997
(Show Context)
Citation Context ...ect interaction between the databases, but grant them access to a shared random string, unknown to the user. A similar kind of extension has been studied before in the contexts of private computation =-=[16, 18]-=-, non-interactive zero-knowledge [6] and other scenarios. Here, this extension 2 is particularly natural since, even in the basic PIR setting, databases are required to maintain identical copies of th... |

22 |
M.: A minimal model for secure computation (extended abstract
- Feige, Kilian, et al.
- 1994
(Show Context)
Citation Context ...ect interaction between the databases, but grant them access to a shared random string, unknown to the user. A similar kind of extension has been studied before in the contexts of private computation =-=[16, 18]-=-, non-interactive zero-knowledge [6] and other scenarios. Here, this extension 2 is particularly natural since, even in the basic PIR setting, databases are required to maintain identical copies of th... |

21 |
Single-database private information retrieval implies oblivious transfer
- Crescenzo, Malkin, et al.
- 2000
(Show Context)
Citation Context ...axed to computational privacy (against computationally bounded databases). However, in this computational setting a better solution for realizing SPIR may be constructed using pseudo-random functions =-=[24, 14-=-]. We note that in addition to their theoretical signicance and their unconditional security, information theoretic schemes possess other advantages over known computational schemes; they are much mor... |

18 |
Computationally private information retrieval with polylog communication
- Kushilevitz, Ostrovsky
- 1997
(Show Context)
Citation Context ...the players agree to reveal the secret. This work is concerned with the information-theoretic setting for SPIR. The techniques used in this work can also be applied to computational PIR schemes (c.f. =-=[11, 23, 10]-=-), in which the privacy requirement is relaxed to computational privacy (against computationally bounded databases). However, in this computational setting a better solution for realizing SPIR may be ... |

3 |
One-way functions are essential for single database private information retrieval
- Beimel, Ishai, et al.
- 1999
(Show Context)
Citation Context ...thmic communication complexity is presented in [10], under a new intractability assumption called the -hiding assumption. All the above schemes require only a single round of queries and answers. In [=-=4]-=- it is shown that a necessary assumption for any single database PIR with less than n communication complexity, is the existence of one-way functions. In [14] this result is strengthened to show that ... |

1 | Upper bound on the communicationcomplexity of private information retrieval - Ambainis - 1997 |

1 | On oblivious transfer and function evaluation - Naor, Pinkas - 1998 |