Fully Malicious Authenticated PIR

  • Conference paper
  • In: Advances in Cryptology – CRYPTO 2024 (CRYPTO 2024)

Abstract

Authenticated PIR enables a server to initially commit to a database of N items, for which a client can later privately obtain individual items with complexity sublinear in N, with the added guarantee that the retrieved item is consistent with the committed database. A crucial requirement is privacy with abort, i.e., the server should not learn anything about a query even if it learns whether the client aborts.

This problem was recently considered by Colombo et al. (USENIX ’23), who proposed solutions secure under the assumption that the database is committed to honestly. Here, we close this gap for their DDH-based scheme, and present a solution that tolerates fully malicious servers that provide potentially malformed commitments. Our scheme has communication and client computational complexity \(\mathcal {O}_{\lambda }(\sqrt{N})\), does not require any additional assumptions, and does not introduce heavy machinery (e.g., generic succinct proofs). We do so by introducing validation queries, which, from the server’s perspective, are computationally indistinguishable from regular PIR queries. Provided that the server succeeds in correctly answering \(\kappa \) such validation queries, the client is convinced with probability \(1-\frac{1}{2^\kappa }\) that the server is unable to break privacy with abort.

References

  1. Aguilar-Melchor, C., Barrier, J., Fousse, L., Killijian, M.O.: XPIR: private information retrieval for everyone. PoPETs 2016(2), 155–174 (2016). https://doi.org/10.1515/popets-2016-0010

  2. Ali, A., Lepoint, T., Patel, S., Raykova, M., Schoppmann, P., Seth, K., Yeo, K.: Communication-computation trade-offs in PIR. In: Bailey, M., Greenstadt, R. (eds.) USENIX Security 2021, pp. 1811–1828. USENIX Association, August 2021. https://www.usenix.org/conference/usenixsecurity21/presentation/ali

  3. Angel, S., Chen, H., Laine, K., Setty, S.T.V.: PIR with compressed queries and amortized query processing. In: 2018 IEEE Symposium on Security and Privacy, pp. 962–979. IEEE Computer Society Press, May 2018. https://doi.org/10.1109/SP.2018.00062

  4. Angel, S., Setty, S.T.V.: Unobservable communication over fully untrusted infrastructure. In: Keeton, K., Roscoe, T. (eds.) 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, Savannah, GA, USA, 2–4 November 2016, pp. 551–569. USENIX Association (2016). https://www.usenix.org/conference/osdi16/technical-sessions/presentation/angel

  5. Barak, B., Goldreich, O.: Universal arguments and their applications. SIAM J. Comput. 38(5), 1661–1694 (2008). https://doi.org/10.1137/070709244

  6. Beimel, A., Stahl, Y.: Robust information-theoretic private information retrieval. J. Cryptol. 20(3), 295–321 (2007). https://doi.org/10.1007/s00145-007-0424-2

  7. Ben-David, S., Kalai, Y.T., Paneth, O.: Verifiable private information retrieval. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022, Part III. LNCS, vol. 13749, pp. 3–32. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22368-6_1

  8. Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055716

  9. Boyle, E., Ishai, Y., Pass, R., Wootters, M.: Can we access a database both locally and privately? In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part II. LNCS, vol. 10678, pp. 662–693. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_22

  10. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315–334. IEEE Computer Society Press, May 2018. https://doi.org/10.1109/SP.2018.00020

  11. Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402–414. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_28

  12. Camenisch, J., Neven, G., Shelat, A.: Simulatable adaptive oblivious transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_33

  13. Canetti, R., Holmgren, J., Richelson, S.: Towards doubly efficient private information retrieval. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part II. LNCS, vol. 10678, pp. 694–726. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_23

  14. de Castro, L., Lee, K.: VeriSimplePIR: verifiability in SimplePIR at no online cost for honest servers. In: USENIX Security 2024. USENIX Association, August 2024. https://www.usenix.org/conference/usenixsecurity24/presentation/de-castro

  15. Cheng, R., et al.: Talek: private group messaging with hidden access patterns. In: ACSAC 2020: Annual Computer Security Applications Conference, Virtual Event/Austin, TX, USA, 7–11 December 2020, pp. 84–99. ACM (2020). https://doi.org/10.1145/3427228.3427231

  16. Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: 36th FOCS, pp. 41–50. IEEE Computer Society Press, October 1995. https://doi.org/10.1109/SFCS.1995.492461

  17. Colombo, S., Nikitin, K., Corrigan-Gibbs, H., Wu, D.J., Ford, B.: Authenticated private information retrieval. In: Calandrino, J.A., Troncoso, C. (eds.) USENIX Security 2023, pp. 3835–3851. USENIX Association, August 2023. https://www.usenix.org/conference/usenixsecurity23/presentation/colombo

  18. Davidson, A., Pestana, G., Celi, S.: FrodoPIR: simple, scalable, single-server private information retrieval. PoPETs 2023(1), 365–383 (2023). https://doi.org/10.56553/popets-2023-0022

  19. Devet, C., Goldberg, I., Heninger, N.: Optimally robust private information retrieval. In: Kohno, T. (ed.) USENIX Security 2012, pp. 269–283. USENIX Association, August 2012. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/devet

  20. Dietz, M., Tessaro, S.: Fully malicious authenticated PIR. Cryptology ePrint Archive, Report 2023/1804 (2023). https://eprint.iacr.org/2023/1804

  21. Dong, C., Chen, L.: A fast single server private information retrieval protocol with low communication cost. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 380–399. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_22

  22. Doröz, Y., Sunar, B., Hammouri, G.: Bandwidth efficient PIR from NTRU. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 195–207. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_16

  23. Eriguchi, R., Kurosawa, K., Nuida, K.: Multi-server PIR with full error detection and limited error correction. In: Dachman-Soled, D. (ed.) 3rd Conference on Information-Theoretic Cryptography (ITC 2022). Leibniz International Proceedings in Informatics (LIPIcs), vol. 230, pp. 1:1–1:20. Schloss Dagstuhl – Leibniz-Zentrum für Informatik, Dagstuhl, Germany (2022). https://doi.org/10.4230/LIPIcs.ITC.2022.1

  24. Gentry, C., Halevi, S.: Compressible FHE with applications to PIR. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019, Part II. LNCS, vol. 11892, pp. 438–464. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36033-7_17

  25. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, pp. 99–108. ACM Press, June 2011. https://doi.org/10.1145/1993636.1993651

  26. Goldberg, I.: Improving the robustness of private information retrieval. In: 2007 IEEE Symposium on Security and Privacy, pp. 131–148. IEEE Computer Society Press, May 2007. https://doi.org/10.1109/SP.2007.23

  27. Green, M., Ladd, W., Miers, I.: A protocol for privately reporting ad impressions at scale. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 1591–1601. ACM Press, October 2016. https://doi.org/10.1145/2976749.2978407

  28. Gupta, T., Crooks, N., Mulhern, W., Setty, S.T.V., Alvisi, L., Walfish, M.: Scalable and private media consumption with popcorn. In: Argyraki, K.J., Isaacs, R. (eds.) 13th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2016, Santa Clara, CA, USA, 16–18 March 2016, pp. 91–107. USENIX Association (2016). https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/gupta-trinabh

  29. Henzinger, A., Dauterman, E., Corrigan-Gibbs, H., Zeldovich, N.: Private web search with Tiptoe. In: Flinn, J., Seltzer, M.I., Druschel, P., Kaufmann, A., Mace, J. (eds.) Proceedings of the 29th Symposium on Operating Systems Principles, SOSP 2023, Koblenz, Germany, 23–26 October 2023, pp. 396–416. ACM (2023). https://doi.org/10.1145/3600006.3613134

  30. Henzinger, A., Hong, M.M., Corrigan-Gibbs, H., Meiklejohn, S., Vaikuntanathan, V.: One server for the price of two: simple and fast single-server private information retrieval. In: Calandrino, J.A., Troncoso, C. (eds.) 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, 9–11 August 2023. USENIX Association (2023). https://www.usenix.org/conference/usenixsecurity23/presentation/henzinger

  31. Huang, Y., Katz, J., Evans, D.: Efficient secure two-party computation using symmetric cut-and-choose. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 18–35. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_2

  32. Kilian, J.: On the complexity of bounded-interaction and noninteractive zero-knowledge proofs. In: 35th FOCS, pp. 466–477. IEEE Computer Society Press, November 1994. https://doi.org/10.1109/SFCS.1994.365744

  33. Kiraz, M., Schoenmakers, B.: A protocol issue for the malicious case of Yao’s garbled circuit construction. In: 27th Symposium on Information Theory in the Benelux, vol. 29, pp. 283–290 (2006)

  34. Kurosawa, K.: How to correct errors in multi-server PIR. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 564–574. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_20

  35. Kushilevitz, E., Ostrovsky, R.: Replication is NOT needed: SINGLE database, computationally-private information retrieval. In: 38th FOCS, pp. 364–373. IEEE Computer Society Press, October 1997. https://doi.org/10.1109/SFCS.1997.646125

  36. Lin, W.K., Mook, E., Wichs, D.: Doubly efficient private information retrieval and fully homomorphic RAM computation from ring LWE. In: 55th ACM STOC, pp. 595–608. ACM Press, June 2023. https://doi.org/10.1145/3564246.3585175

  37. Lindell, Y., Pinkas, B.: Secure two-party computation via cut-and-choose oblivious transfer. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 329–346. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_20

  38. Lipmaa, H.: An oblivious transfer protocol with log-squared communication. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 314–328. Springer, Heidelberg (2005). https://doi.org/10.1007/11556992_23

  39. Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS 2014. The Internet Society, February 2014

  40. Vaudenay, S.: Security flaws induced by CBC padding — applications to SSL, IPSEC, WTLS... In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_35

  41. Wang, X., Zhao, L.: Verifiable single-server private information retrieval. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 478–493. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01950-1_28

  42. Yi, X., Kaosar, M.G., Paulet, R., Bertino, E.: Single-database private information retrieval from fully homomorphic encryption. IEEE Trans. Knowl. Data Eng. 25(5), 1125–1134 (2013). https://doi.org/10.1109/TKDE.2012.90

  43. Zhang, L.F., Safavi-Naini, R.: Verifiable multi-server private information retrieval. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 62–79. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_5

  44. Zhao, L., Wang, X., Huang, X.: Verifiable single-server private information retrieval from LWE with binary errors. Inf. Sci. 546, 897–923 (2021). https://doi.org/10.1016/j.ins.2020.08.071

Acknowledgments

We thank Chenzhi Zhu for his involvement in the initial stage of this project. This research was partially supported by NSF grants CNS-2026774, CNS-2154174, a JP Morgan Faculty Award, a CISCO Faculty Award, and a gift from Microsoft.

Author information

Correspondence to Marian Dietz.

Copyright information

© 2024 International Association for Cryptologic Research

About this paper

Cite this paper

Dietz, M., Tessaro, S. (2024). Fully Malicious Authenticated PIR. In: Reyzin, L., Stebila, D. (eds) Advances in Cryptology – CRYPTO 2024. CRYPTO 2024. Lecture Notes in Computer Science, vol 14928. Springer, Cham. https://doi.org/10.1007/978-3-031-68400-5_4

  • DOI: https://doi.org/10.1007/978-3-031-68400-5_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-68399-2

  • Online ISBN: 978-3-031-68400-5

  • eBook Packages: Computer Science; Computer Science (R0)
