TY - GEN
T1 - Reducing the servers computation in private information retrieval
T2 - 20th Annual International Cryptology Conference, CRYPTO 2000
AU - Beimel, Amos
AU - Ishai, Yuval
AU - Malkin, Tal
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2000.
PY - 2000
Y1 - 2000
N2 - Private information retrieval(PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols with sub-linear communication were suggested. However, in all these protocols the servers’ computation for each retrievalis at least linear in the size of entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the modelof PIR with preprocessing: Before the execution of the protocol each server may compute and store polynomially-many information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant k ≥ 2, a k-server protocolwith O(n1/(2k-1)) communication and O(n/ log2k-2 n) work, and for any constants k ≥ 2 and ε > 0 a k-server protocolwith O(n1/k+ε) communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an off-line stage.
AB - Private information retrieval(PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols with sub-linear communication were suggested. However, in all these protocols the servers’ computation for each retrievalis at least linear in the size of entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the modelof PIR with preprocessing: Before the execution of the protocol each server may compute and store polynomially-many information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant k ≥ 2, a k-server protocolwith O(n1/(2k-1)) communication and O(n/ log2k-2 n) work, and for any constants k ≥ 2 and ε > 0 a k-server protocolwith O(n1/k+ε) communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an off-line stage.
UR - http://www.scopus.com/inward/record.url?scp=84974593790&partnerID=8YFLogxK
U2 - 10.1007/3-540-44598-6_4
DO - 10.1007/3-540-44598-6_4
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84974593790
SN - 9783540445982
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 55
EP - 73
BT - Advances in Cryptology - CRYPTO 2000 - 20th Annual International Cryptology Conference, Proceedings
A2 - Bellare, Mihir
Y2 - 20 August 2000 through 24 August 2000
ER -