TY - GEN
T1 - On quantum advantage in information theoretic single-server PIR
AU - Aharonov, Dorit
AU - Brakerski, Zvika
AU - Chung, Kai Min
AU - Green, Ayal
AU - Lai, Ching-Yi
AU - Sattath, Or
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2019.
PY - 2019
Y1 - 2019
N2 - In (single-server) Private Information Retrieval (PIR), a server holds a large database DB of size n, and a client holds an index i∈[n] and wishes to retrieve DB[i] without revealing i to the server. It is well known that information theoretic privacy even against an “honest but curious” server requires Ω(n) communication complexity. This is true even if quantum communication is allowed and is due to the ability of such an adversarial server to execute the protocol on a superposition of databases instead of on a specific database (“input purification attack”). Nevertheless, there have been some proposals of protocols that achieve sub-linear communication and appear to provide some notion of privacy. Most notably, a protocol due to Le Gall (ToC 2012) with communication complexity O√n, and a protocol by Kerenidis et al. (QIC 2016) with communication complexity O(log(n)), and O(n) shared entanglement. We show that, in a sense, input purification is the only potent adversarial strategy, and protocols such as the two protocols above are secure in a restricted variant of the quantum honest but curious (a.k.a specious) model. More explicitly, we propose a restricted privacy notion called anchored privacy, where the adversary is forced to execute on a classical database (i.e. the execution is anchored to a classical database). We show that for measurement-free protocols, anchored security against honest adversarial servers implies anchored privacy even against specious adversaries. Finally, we prove that even with (unlimited) pre-shared entanglement it is impossible to achieve security in the standard specious model with sub-linear communication, thus further substantiating the necessity of our relaxation. This lower bound may be of independent interest (in particular recalling that PIR is a special case of Fully Homomorphic Encryption).
AB - In (single-server) Private Information Retrieval (PIR), a server holds a large database DB of size n, and a client holds an index i∈[n] and wishes to retrieve DB[i] without revealing i to the server. It is well known that information theoretic privacy even against an “honest but curious” server requires Ω(n) communication complexity. This is true even if quantum communication is allowed and is due to the ability of such an adversarial server to execute the protocol on a superposition of databases instead of on a specific database (“input purification attack”). Nevertheless, there have been some proposals of protocols that achieve sub-linear communication and appear to provide some notion of privacy. Most notably, a protocol due to Le Gall (ToC 2012) with communication complexity O√n, and a protocol by Kerenidis et al. (QIC 2016) with communication complexity O(log(n)), and O(n) shared entanglement. We show that, in a sense, input purification is the only potent adversarial strategy, and protocols such as the two protocols above are secure in a restricted variant of the quantum honest but curious (a.k.a specious) model. More explicitly, we propose a restricted privacy notion called anchored privacy, where the adversary is forced to execute on a classical database (i.e. the execution is anchored to a classical database). We show that for measurement-free protocols, anchored security against honest adversarial servers implies anchored privacy even against specious adversaries. Finally, we prove that even with (unlimited) pre-shared entanglement it is impossible to achieve security in the standard specious model with sub-linear communication, thus further substantiating the necessity of our relaxation. This lower bound may be of independent interest (in particular recalling that PIR is a special case of Fully Homomorphic Encryption).
UR - http://www.scopus.com/inward/record.url?scp=85065910658&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-17659-4_8
DO - 10.1007/978-3-030-17659-4_8
M3 - Conference contribution
AN - SCOPUS:85065910658
SN - 9783030176587
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 219
EP - 246
BT - Advances in Cryptology – EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Ishai, Yuval
A2 - Rijmen, Vincent
PB - Springer Verlag
T2 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2019
Y2 - 19 May 2019 through 23 May 2019
ER -