Heterogenous Private Information Retrieval Hamid Mozaffari, Amir Houmansadr University of Massachusetts Amherst
Pr Private Information Retrieval u Private information retrieval (PIR) enables clients to query and retrieve data from untrusted servers without the untrusted servers learning which data was retrieved. Untrusted Data Server (medical directory) PIR Client (patient) Goal: Download disease information 2 without server learning
Pr Private Information Retrieval: Ap Application ons u Private Movie Streaming (Popcorn, NSDI’16) u Private Tor Relay Information Retrieval (PIR-Tor, Usenix’11) u Private Contact Discovery (DP5, PETS’15) u Private Ad delivery (AdScale, CCS’16) 3
Private Information Retrieval: Typ ypes u Single-Server PIR: u Provides computational security. u Requires cryptographic assumptions. u Multi-Server PIR: u Usually provides information-theoretic security. u They need to assume that the servers do not collude. 4
Ex Existi ting ng mul multi ti-se server PIR protocols s are ho homo mogene neous us! Untrusted Data Server 1 Impose symmetric computation and communication 5 Untrusted Data Server 2 PIR Client loads 5
Homogeneous PIR protocols are not suitable for many real-world applications
Ex Exampl mple Appl pplicati tion: n: CDN DN Over PIR Origin Server https://www.nytimes.com PIR Query & Response I Homogenous PIR is useless for CDNs CDN Server CDN Server CDN PIR Query & PIR Browser Response II Client PIR Client 7 7
Homogeneous PIR protocols are not suitable for many real-world applications Our goal: designing heterogeneous PIR (HPIR) protocols, which impose non-uniform computation and communication overheads.
Ex Exampl mple Appl pplicati tion: n: CDN DN Over PIR Origin Server https://www.nytimes.com PIR Query & Response I Homogenous PIR is useful for CDNs CDN Server CDN Server CDN PIR Query & PIR Browser Response II Client PIR Client 9
Homogeneous PIR protocols are not suitable for many real-world applications Our goal: designing heterogeneous PIR (HPIR) protocols, which impose non-uniform computation and communication overheads. HPIR can enable many potential applications for PIR as well as improve the usability of PIR in some existing applications.
Ex Exampl mple Appl pplicati tion: n: P2P Over PIR Seeder B Acting as The Poor PIR Server Seeder C Acting as The Poor PIR Server Seeder A Acting as The Rich Server PIR Client PIR Client 11
HPIR is good but how we build it 12
No Non-Pr Private Information Retrieval index Word 1 … Word c ' % = < 0 0 … 1 … 0 > 1 ! "," … ! ",$ … … … … j ! … ! %," %,$ ' % . ! = < ! %" ! %/ … ! %0 > … … … … Client r ! &," … ! &,$ • Client is interested in 1 23 row • Total of r rows • Challenge: How to make ' • Each row holds one c-words % private? block of data • Secret sharing • Each word is an element of some finite field F 13
Sh Shamir Se Secr cret Sh Sharing One secret s will be shared among L shareholders: 14
Se Secr cret Sh Sharing in PIR [Go [Goldberg SP SP’0 ’07] Server 1 idx W1 … Wc Acting as the Dealer 1 ! "," … ! ",$ … … … … Acting as the r ! %," … ! %,$ Server 2 shareholders idx W1 … Wc 1 ! "," … ! ",$ PIR Client … … … … r ! %," … ! %,$ Server k idx W1 … Wc 1 ! "," … ! ",$ … … … … r ! %," … ! %,$ 15
Se Secr cret Sh Sharing in PIR [Go [Goldberg SP SP’0 ’07] Server 1 idx W1 … Wc 1 ! "," … ! ",$ & " … … … … r ! %," … ! %,$ Server 2 & ( idx W1 … Wc 1 ! "," … ! ",$ PIR Client … … … … r ! %," … ! %,$ & ' Server k idx W1 … Wc 1 ! "," … ! ",$ … … … … r ! %," … ! %,$ 16
Se Secr cret Sh Sharing in PIR [Go [Goldberg SP SP’0 ’07] Server 1 idx W1 … Wc 1 ! "," … ! ",$ & " … … … … r ! %," … ! %,$ Server 2 idx W1 … Wc & ' 1 ! "," … ! ",$ PIR Client … … … … r ! %," … ! %,$ & ( Server k idx W1 … Wc 1 ! "," … ! ",$ … … … … r ! %," … ! %,$ 17
PIR PIR-Ta Tailored Secret Sharing u Features: u Allows sharing multiple secrets from values of {0, 1}. u Is not designed to enable recovering the secrets by the shareholders. u Key ideas: u Increasing the degree of freedom of secrets by injecting more random numbers. u Attach the secrets to different prime numbers. 18
HPIR HPIR based ed on PIR PIR-Ta Tailored Secret Sharing ) * = < + *,* + *,- … + *,. > ) - = < + -,* + -,- … + -,. > ! " = < 0 0 … 1 … 0 > … = < ⋯ > PIR Client ) 01* = < + 2,* + 2,- … + 2,. > 19
HPIR HPIR based ed on PIR PIR-Ta Tailored Secret Sharing Server 1 idx W1 … Wc 1 ! "," … ! ",$ & " … … … … r ! %," … ! %,$ Server 2 & + , & , idx W1 … Wc 1 ! "," … ! ",$ PIR Client … … … … & ' , … , & )*" r ! %," … ! %,$ Server k idx W1 … Wc 1 ! "," … ! ",$ … … … … r ! %," … ! %,$ 20
HPIR HPIR based ed on PIR PIR-Ta Tailored Secret Sharing Server 1 idx W1 … Wc 1 ! "," … ! ",$ & " … … … … r ! %," … ! %,$ Server 2 idx W1 … Wc & ' , & ( 1 ! "," … ! ",$ PIR Client … … … … r ! %," … ! %,$ & ) , … , & +," Server k idx W1 … Wc 1 ! "," … ! ",$ … … … … r ! %," … ! %,$ 21
HPIR: HPIR: Im Implem emen entation • Implemented in C++ in 800 lines • Use NTL for handling big number operations • Compatible with Percy++ PIR library • Experiments are run on a single thread (a quad-core i7 CPU 3.6 GHz) 22
Se Server Proce cessi ssing Time for HPIR HPIR Goldberg SP’07 Rich Server Poor Server q=4 q=4 q=3 q=3 q=2 q=2 q=1 q=1 23
Th The Com Communication on O Overheads HPIR: Rich Server Homogenous HPIR: Poor Server 24
Con Conclusion ons • All the previous multi-server PIR protocols are homogenous. • We propose heterogenous PIR protocols • We design and implement the first HPIR protocol • Using a new PIR-tailored secret sharing algorithm • We believe HPIR will enable new applications for PIR and will improve the usability of some existing ones • Our code is available at https://github.com/SPIN- UMass/HPIR. 25
Recommend
More recommend
