An Ω(n^{1/3}) Lower Bound for Bilinear Group-Based Private Information Retrieval∗
Authors
Abstract
A two-server private information retrieval (PIR) scheme allows a user U to retrieve the i-th bit of an n-bit string x replicated on two servers while each server individually learns no information about i. The main parameter of interest in a PIR scheme is its communication complexity: the number of bits exchanged by the user and the servers. Substantial effort has been invested by researchers over the last decade in the search for efficient PIR schemes. A number of different schemes (Chor et al., 1998, Beimel et al., 2005, Woodruff and Yekhanin, CCC’05) have been proposed; however, all of them result in the same communication complexity of O(n^{1/3}). The best known lower bound to date is 5 log n by Wehner and de Wolf (ICALP’05). The tremendous gap between upper and lower bounds is the focus of our paper. We show an Ω(n^{1/3}) lower bound in a restricted model that nevertheless captures all known upper bound techniques.

∗ A preliminary version of this paper appeared in the proceedings of the 47th IEEE Symposium on Foundations of Computer Science (FOCS’06) [15].
† Supported by the Charles Simonyi Endowment and NSF grant ITR-0324906.
‡ Supported by NSF grant CCR 0219218.

ACM Classification: H.3.3, F.1.3.e, F.1.2.b
AMS Classification: 68P20, 68Q17, 20C20
Similar resources
An Ω(n) Lower Bound for Bilinear Group Based Private Information Retrieval
A two server private information retrieval (PIR) scheme allows a user U to retrieve the i-th bit of an n-bit string x replicated between two servers while each server individually learns no information about i. The main parameter of interest in a PIR scheme is its communication complexity, namely the number of bits exchanged by the user and the servers. A large amount of effort has been investe...
On Lower Bounds for the Communication Complexity of Private Information Retrieval
Private information retrieval for k ≥ 1 databases (denoted by (k, )-PIR for short) is a protocol that (1) a user sends an tuple query to each of k noncommunicating replicated databases; (2) each database responds the user with an answer corresponding to the tuple query; (3) the user privately retrieve any single bit out of the n bits of data stored in k databases. In this model, “privacy” impli...
Revisiting the Direct Sum Theorem and Space Lower Bounds in Random Order Streams
Estimating frequency moments and Lp distances are well studied problems in the adversarial data stream model and tight space bounds are known for these two problems. There has been growing interest in revisiting these problems in the framework of random-order streams. The best space lower bound known for computing the k frequency moment in random-order streams is Ω(n^{1−2.5/k}) by Andoni et al., a...
A Linear Lower Bound on the Communication Complexity of Single-Server Private Information Retrieval
We study the communication complexity of single-server Private Information Retrieval (PIR) protocols that are based on fundamental cryptographic primitives in a black-box manner. In this setting, we establish a tight lower bound on the number of bits communicated by the server in any polynomially-preserving construction that relies on trapdoor permutations. More specifically, our main result st...
Asymptotically Tight Bounds for Composing ORAM with PIR
Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted client to outsource storage to an untrusted server while hiding the client’s memory access patterns to the server. The last three decades of research on ORAMs have reduced the bandwidth blowup of ORAM schemes from O(√N) to O(1). However, all schemes that achieve a bandwidth blowup smaller than O(log N) use expensive comput...