a storage efficient and robust private information
play

A Storage-efficient and Robust Private Information Retrieval Scheme - PowerPoint PPT Presentation

May 25, 2023 •336 likes •654 views

A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D. Augot, Franc oise Levy-dit-Vehel, Abudllatif Shikfa INRIA, ENSTA, Alcatel-Lucent D. Augot GT-BAC T el ecom, December 11, 2014 - 1/27 Outline

  1. A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D. Augot, Franc ¸oise Levy-dit-Vehel, Abudllatif Shikfa INRIA, ENSTA, Alcatel-Lucent D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 1/27

  2. Outline ◮ LDC codes ◮ Application to PIR ◮ Particular case of Reed-Muller and Derivative codes ◮ A better reduction D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 2/27

  3. Information Theoretic PIR ◮ User wants to retrieve T [ j ] from a table T on a remote Server S ◮ Property: j and the returned T [ j ] should be unknown to Server ◮ Scenario: ◮ a centralized database of health records is kept by ObamaCare: doctors, nurses, etc, make queries about their patient, without revealing his identity ◮ “information theoretic” : Pr ( j | after the protocol is run ) = Pr ( j ) ◮ With one server, we have a “Shannon-like” Theorem: The whole database has to be downloaded D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 3/27

  4. Information theoretically secure PIR With several servers: Can be achieved with Locally Decodable Codes (Katz-Trevisan00) D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 4/27

  5. Coding Definition (Code) Given two alphabets ∆ , Σ , a code is given by its encoding map C : ∆ k → Σ n . ◮ The data (or message) D is transformed C into a (longer) codeword using a generating matrix (linear code) ◮ The rate is k log ∆ n log Σ . D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 5/27

  6. LDC (Locally Decodable Code) definition A code C : ∆ k → Σ n is ( ℓ, δ ) -locally decodable if: there exists a randomized decoding algorithm A y ( j ) such that: 1. on input j , given oracle access to y ∈ Σ n 2. A makes at most ℓ queries to y : q 1 , . . . , q ℓ ∈ [ 1 , n ] 3. A receives a 1 , . . . , a ℓ ∈ Σ x j = A y ( j , a 1 , . . . , a ℓ ) ∈ ∆ 4. compute ˜ 5. when d ( C ( x ) , y ) < δ n Pr [ A y ( j ) = x j ] ≥ 2 3 Furthermore, the code is smooth if each query q j is uniform random. D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 6/27

  7. LCC Definition (Locally Correctable Code) A code C ⊂ Σ n is ( ℓ, δ ) -locally correctable if there exists a randomized decoding algorithm A such that: 1. given oracle access to y ∈ Σ n , A makes at most ℓ queries to y . 2. on input i , output A y ( i ) 3. when d ( c , y ) < δ n , Pr [ A y ( i ) = c i ] ≥ 2 3 D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 7/27

  8. Theorem A F q -linear LCC code C ⊂ F n q can be turned into an LDC code C , Enc : F k q → F n q Proof. ◮ Let I ⊂ [ 1 , n ] be an information set of size k = dim C . ◮ For c ∈ C let c I ∈ F k q denote the restriction of c to coordinates in I . ◮ Given a message x ∈ F k q , we define Enc ( x ) to be the unique element c ∈ C such that c I = x . ◮ Local correctability of C yields local decodability of C . D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 8/27

  9. PIR Definition (Private Information Retrieval (PIR)) An ℓ -server p -PIR protocol is a triple ( Q , A , R ) of algorithms as follows: 1. With a random string of bits s ; User generates an ℓ -tuple of queries ( q 1 , . . . , q ℓ ) = Q ( j , s ) 2. For 1 ≤ i ≤ ℓ , User sends q i to server S i 3. Each S i answers a i = A ( x , q i ) to User; 4. User recovers x j = R ( a 1 , . . . , a ℓ , j , s ) with probability p . The protocol has Privacy property is Pr ( j | q j ) = Pr ( j ) . D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 9/27

  10. LDCs in PIR The data D is encoded in a codeword C , which is stored on each server. D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 10/27

  11. Reed-Muller codes ◮ We use the short-hand notation X i = X i 1 1 · · · X i m X = ( X 1 , . . . , X m ) m , F q [ X ] = F q [ X 1 , . . . , X m ] i = ( i 1 , . . . , i m ) ∈ N m | i | = i 1 + · · · + i m ◮ For i , j ∈ N m , i ≫ j means ∀ u , i u ≥ j u , ◮ the i -th Hasse derivative of F ∈ F q [ X ] , denoted by Hasse ( F , i ) , is � j � � j � � j 1 � � j m � � X j − i Hasse ( F , i )( X ) = with = · · · , f j i i i 1 i m j ≫ i f j ( X + Z ) j = � � Hasse ( F , i )( X ) Z i , F ( X + Z ) = j i D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 11/27

  12. Restriction to a line ◮ Consider a vector V ∈ F m q \ { 0 } , and a base point P , ◮ consider the restriction of F to the line D = { P + t V : t ∈ F q } , which is a univariate polynomial that we denote by F P , V ( T ) = F ( P + T V ) ∈ F q [ T ] ◮ We have the following relations: � Hasse ( F , j )( P ) V j T | j | , F P , V ( T ) = j � Hasse ( F , j )( P ) V j , coeff ( F P , V , i ) = | j | = i � Hasse ( F , j )( P + α V ) V j , Hasse ( F P , V , i )( α ) = α ∈ F q | j | = i D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 12/27

  13. Reed-Muller codes ◮ We enumerate F m q = { P 1 , . . . , P n } , ◮ F q [ X ] d is the set of polynomials of degree ≤ d , with d < q . ◮ We encode polynomials using the evaluation map F n ev : F q [ X ] d → q F �→ ( F ( P 1 ) , . . . , F ( P n )) ◮ The d-th order Reed-Muller code is RM d = { ev ( F ) | F ∈ F q [ X ] d } . � d + m � with dimension m ◮ c ∈ RM d is indexed as c = ( c P 1 , . . . , c P n ) , where c i = c P i . D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 13/27

  14. Local decoding of Reed-Muller codes ◮ F ( X , Y ) restricted to a line D ( T ) is a univariate polynomial ◮ for a given i , R i is random, when the line is random ◮ two R i ’s give the line = ⇒ loss of incertitude (privacy) on P j D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 14/27

  15. Local decoding of Reed-Muller codes ◮ Given oracle access to y ≈ c = ev F ◮ On input P j , pick a random line D of direction V passing through P j : D ( T ) = { P j + T · V | T ∈ F q } = { R 0 = P j , R 1 . . . , R q − 1 } ⊂ F m q . ◮ R 1 , . . . , R q − 1 are sent as queries, and the decoding algorithm receives ∈ F q − 1 � � y R 1 , . . . , y R q − 1 . q ◮ In case of no errors, � � � � y R 1 , . . . , y R q − 1 = c R 1 , . . . , c R q − 1 , and c R u = F ( P j + α u · V ) = F P , V ( α u ) , α u � = 0 where F P , V = F ( P + T · V ) ∈ F q [ T ] is the restriction of F to D . ◮ F P , V is found with Lagrange interpolation, and c P j = F P , V ( 0 ) . D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 15/27

  16. Local decoding of Reed-Muller codes, in presence of errors ◮ Given oracle access to y ≈ c = ev F ◮ On input P j , pick a random line D of direction V passing through P j : D ( T ) = { P j + T · V | Tx ∈ F q } = { R 0 = P j , R 1 . . . , R q − 1 } ⊂ F m q . ◮ R 1 , . . . , R q − 1 are sent as queries, and the decoding algorithm receives ∈ F q − 1 � � y R 1 , . . . , y R q − 1 . q ◮ � � � � y R 1 , . . . , y R q − 1 ≈ c R 1 , . . . , c R q − 1 = ev RS ( F ( P + T · V )) = ev RS ( F P , V ) ◮ One can recover F P j , V , using a Reed-Solomon decoding algorithm, and compute c P j = F P j , V ( 0 ) . D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 16/27

  17. Multiciplity codes (Kopparty-Saraf-Yekhanin2011) � m + s − 1 ◮ Let s ∈ N , and σ = � , we build the evaluation at a point P : m ev s F σ P : F q [ X ] → q �→ ( Hasse ( F , v )( P )) | v | < s F ◮ Consider F q [ X ] d , with d < s ( q − 1 ) , the corresponding code is �� � Mult s ev s � d = P i ( F ) i = 1 ,..., n | F ∈ F q [ X ] d . d : ∆ k → Σ n , with ∆ = F q , and Σ = F σ ◮ It is a code Mult s q . � m + d ◮ The code Mult s � d is a F q -linear with dimension k = . d �� m + s − 1 · q m � � m + d ◮ rate R = � � / m m ◮ minimum distance q m − d s q m − 1 (Generalized Schwartz-Zippel). D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 17/27

  18. Local Decoding ◮ Two variables, first order derivatives = 1, σ = 3 ev P ( F ) = ( F ( P ) , F ( 1 , 0 ) ( P ) , F ( 0 , 1 ) ( P ) ◮ three random lines are needed, locality is ( q − 1 ) σ D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 18/27

  19. ◮ Given y = ( y 1 , . . . , y n ) , a noisy version of c = ev s ( F ) ∈ Mult d . ◮ Input j ∈ [ n ] ◮ Pick distinct σ non zero distinct random vectors U 1 , . . . , U σ ◮ For i = 1 to σ : ◮ Consider the line { P j + 0 · U i , P j + α 1 · U i , . . . , P j + α q − 1 · U i } = { R i , 0 , . . . , R i , q − 1 } ◮ Send R i , 1 , . . . , R i , q − 1 , as queries, ◮ Receive the answers: ( y R i , b ) v = Hasse ( F , v )( R i , b ) , ◮ Compute for each point, and for each order 0 ≤ e < s � Hasse ( F , v )( R i , b ) U v Hasse ( F P j , U i , e )( α b ) = i | v | = e ◮ Recover F P j , U i by Hermite interpolation (no error). ◮ Solve for the indeterminates Hasse ( F , v )( P j ) , | v | < s , the system: � t = 0 , . . . , s − 1 , � Hasse ( F , v )( P j ) U v coeff ( F P j , U i , t ) = i . i = 1 , . . . σ | v | = t ◮ Return { Hasse ( F , v )( P j ) , | v | < s } = ev s P j ( F ) . D. Augot GT-BAC T´ el´ ecom, December 11, 2014 - 19/27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and Dan Boneh Stanford University NSDI 2017 Today: Non-private aggregation StressTracker Blood pressure Twitter usage Today: Non-private

1.92k views • 178 slides
WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of

WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of

GSTAR: Storage Aware Routing Protocol for Efficient and Robust Services Nehal Somani, Abhishek Chanda, Samuel Nelson, Dipankar Raychaudhuri WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of mobility

783 views • 20 slides
Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and Dan Boneh Stanford University Appeared at NSDI 2017 Today: Non-private aggregation StressTracker Blood pressure Twitter usage Today:

1.92k views • 163 slides
STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF

STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF

STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF PORTFOLIO SELECTION 1952, Markowitz: Efficient frontier for one-off investments 1956, Kelly: Optimize expected terminal wealth for repeated games 1991,

583 views • 10 slides
The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence of what we do collection, evaluation, sharing these are all core to decision making whether it is part of the bridge team, the ashore side

352 views • 14 slides
Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization Joseph M.

Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization Joseph M.

Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization Joseph M. Renes, Renato Renner, David Sutter Institute for Theoretical Physics ASIACRYPT 2013, Bangalore 1 / 13 Information Theoretic Cryptography Goal:

600 views • 21 slides
Efficient Private Information Retrieval protocols based on transversal designs Julien Lavauzelle

Efficient Private Information Retrieval protocols based on transversal designs Julien Lavauzelle

Efficient Private Information Retrieval protocols based on transversal designs Julien Lavauzelle Team GRACE LIX &amp; INRIA Saclay, Universit Paris-Saclay Workshop Code-Based Cryptography 2017, Tenerife, Spain 02/06/2017 1. Definitions 2.

710 views • 47 slides
Efficient Private File Retrieval by Combining ORAM and PIR

Efficient Private File Retrieval by Combining ORAM and PIR

Efficient Private File Retrieval by Combining ORAM and PIR Travis Mayberry Erik-Oliver Blass Agnes Chan 1 Hiding Access Pa&gt;erns Oblivious RAM Private Informa6on

529 views • 25 slides
Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia

Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia

Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia &amp; Wireless Networking Lab. Seoul National University, Korea http://www.mwnl.snu.ac.kr Introduction Wi-Fi has become an indispensable part of

700 views • 49 slides
The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H.

The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H.

The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H. P. Kriegel R. Schneider B. Seeger Praktische Informatik, Universitaet Bremen February 23, 2013 Presented by Zhitao Gong Beckmann et al.

262 views • 22 slides
Endurance Enhancement of Flash-Memory Storage Systems: An Efficient Static Wear Leveling Design

Endurance Enhancement of Flash-Memory Storage Systems: An Efficient Static Wear Leveling Design

Endurance Enhancement of Flash-Memory Storage Systems: An Efficient Static Wear Leveling Design Yuan-Hao Chang, Jen-Wei Hsieh, and Tei-Wei Kuo Embedded Systems and Wireless Networking Laboratory Dept. of Computer Science and Information

661 views • 27 slides
Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic

Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic

Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic Driving Data Ali Rafei 1 , Michael R. Elliott 1 , Carol A.C. Flannagan 2 1 Michigan Program in Survey Methodology 2 University of Michigan

932 views • 66 slides
Robust Applications in Mesos Using External Storage David vonThenen {code} Dell Technologies

Robust Applications in Mesos Using External Storage David vonThenen {code} Dell Technologies

Robust Applications in Mesos Using External Storage David vonThenen {code} Dell Technologies @dvonthenen http://dvonthenen.com github.com/dvonthenen Agenda Mesos Storage Options Traditional Databases NoSQL, KeyValue

505 views • 32 slides
Robust Benchmarking for Archival Storage Tiers PDSW 2011 Lee et. al (Univ. Auckland)

Robust Benchmarking for Archival Storage Tiers PDSW 2011 Lee et. al (Univ. Auckland)

DongJin Lee 1 , Michael OSullivan 1 , Cameron Walker 1 Monique MacKensize 2 1 The University of Auckland New Zealand 2 The University of St Andrews United Kingdom Robust Benchmarking for Archival Storage Tiers PDSW 2011 Lee et. al

632 views • 36 slides
Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of

Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of

Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of Wisconsin-Milwaukee 44th Actuarial Research Conference Madison, WI, July 30August 1, 2009 a In collaboration with Jones and Zitikis (University

895 views • 73 slides
Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable; user friendly; well documented; . . . but first of all, CORRECT dont forget though: also, executable. . . Correctness

202 views • 19 slides
rs r r s

rs r r s

r ss r ss rs r r s r ss S n

576 views • 38 slides
Semi-Lagrangian schemes for linear and fully non-linear Hamilton-Jacobi-Bellman equations Kristian

Semi-Lagrangian schemes for linear and fully non-linear Hamilton-Jacobi-Bellman equations Kristian

Introduction SL schemes for HJB Conclusion Semi-Lagrangian schemes for linear and fully non-linear Hamilton-Jacobi-Bellman equations Kristian Debrabant 1 ,Espen R. Jakobsen 2 1 Department of Mathematics and Computer Science, University of

498 views • 35 slides
A-posteriori estimators for conservation laws A NDREAS D EDNER AND J AN G ISSELMANN

A-posteriori estimators for conservation laws A NDREAS D EDNER AND J AN G ISSELMANN

A-posteriori estimators for conservation laws A NDREAS D EDNER AND J AN G ISSELMANN A.S.Dedner@warwick.ac.uk, www2.warwick.ac.uk/fac/sci/maths/people/staff/andreas_dedner Mathematics Institute, Birmingham, Januar 5, 2016 Structure of solution

1.15k views • 33 slides
MATH 3341: Introduction to Scientific Computing Lab Libao Jin University of Wyoming October 14,

MATH 3341: Introduction to Scientific Computing Lab Libao Jin University of Wyoming October 14,

Lab 08: MATLAB Interpolation Routines &amp; Their Derivatives MATH 3341: Introduction to Scientific Computing Lab Libao Jin University of Wyoming October 14, 2020 L. Jin MATH 3341 Polynomial Interpolation Routines Lab 08: MATLAB

127 views • 8 slides
P tt ts r

P tt ts r

P tt ts r tr rs srt tr sr

312 views • 20 slides
Today CSE 473: Artificial Intelligence Spring 2018 A* Search Heuristic Search and A*

Today CSE 473: Artificial Intelligence Spring 2018 A* Search Heuristic Search and A*

3/22/2018 Today CSE 473: Artificial Intelligence Spring 2018 A* Search Heuristic Search and A* Algorithms Heuristic Design Steve Tanimoto Graph search With slides from : Dieter Fox, Dan Weld, Dan Klein, Stuart Russell, Andrew

194 views • 7 slides
CS 188: Artificial Intelligence Search Continued Instructors: Anca Dragan, Sergey Levine

CS 188: Artificial Intelligence Search Continued Instructors: Anca Dragan, Sergey Levine

CS 188: Artificial Intelligence Search Continued Instructors: Anca Dragan, Sergey Levine University of California, Berkeley [These slides adapted from Dan Klein and Pieter Abbeel; ai.berkeley.edu] Recap: Search Search o Search problem: o

839 views • 66 slides
PDSW 2020 5th International Parallel Data Systems Workshop Philip Carns, General Chair Shadi

PDSW 2020 5th International Parallel Data Systems Workshop Philip Carns, General Chair Shadi

PDSW 2020 5th International Parallel Data Systems Workshop Philip Carns, General Chair Shadi Ibrahim, Program Chair Kento Sato, Program Vice Chair Welcome! The goal of PDSW is to facilitate research that addresses the most critical

331 views • 10 slides

More recommend