TY - GEN
T1 - Distributed point functions and their applications
AU - Gilboa, Niv
AU - Ishai, Yuval
N1 - Funding Information:
Research received funding from the European Union’s Tenth Framework Programme (FP10/2010-2016) under grant agreement no. 259426 ERC-CaC.
PY - 2014/1/1
Y1 - 2014/1/1
N2 - For x,y ∈{0,1}*, the point function Px,y is defined by Px,y (x) = y and Px,y (x′) = 0|y| for all x′ ≠ x. We introduce the notion of a distributed point function (DPF), which is a keyed function family Fk with the following property. Given x,y specifying a point function, one can efficiently generate a key pair (k0,k1) such that: (1) Fk0 ⊕ Fk1 = Px,y, and (2) each of k0 and k 1 hides x and y. Our main result is an efficient construction of a DPF under the (minimal) assumption that a one-way function exists. Distributed point functions have applications to private information retrieval (PIR) and related problems, as well as to worst-case to average-case reductions. Concretely, assuming the existence of a strong one-way function, we obtain the following applications. - Polylogarithmic 2-server binary PIR. We present the first 2-server computational PIR protocol in which the length of each query is polylogarithmic in the database size n and the answers consist of a single bit each. This improves over the 2O(√log n) query length of the protocol of Chor and Gilboa (STOC '97). Similarly, we get a polylogarithmic "PIR writing" scheme, allowing secure non-interactive updates of a database shared between two servers. Assuming just a standard one-way function, we get the first 2-server private keyword search protocol in which the query length is polynomial in the keyword size, the answers consist of a single bit, and there is no error probability. In all these protocols, the computational cost on the server side is comparable to applying a symmetric encryption scheme to the entire database. - Worst-case to average-case reductions. We present the first worst-case to average-case reductions for PSPACE and EXPTIME complete languages that require only a constant number of oracle queries. These reductions complement a recent negative result of Watson (TOTC '12).
AB - For x,y ∈{0,1}*, the point function Px,y is defined by Px,y (x) = y and Px,y (x′) = 0|y| for all x′ ≠ x. We introduce the notion of a distributed point function (DPF), which is a keyed function family Fk with the following property. Given x,y specifying a point function, one can efficiently generate a key pair (k0,k1) such that: (1) Fk0 ⊕ Fk1 = Px,y, and (2) each of k0 and k 1 hides x and y. Our main result is an efficient construction of a DPF under the (minimal) assumption that a one-way function exists. Distributed point functions have applications to private information retrieval (PIR) and related problems, as well as to worst-case to average-case reductions. Concretely, assuming the existence of a strong one-way function, we obtain the following applications. - Polylogarithmic 2-server binary PIR. We present the first 2-server computational PIR protocol in which the length of each query is polylogarithmic in the database size n and the answers consist of a single bit each. This improves over the 2O(√log n) query length of the protocol of Chor and Gilboa (STOC '97). Similarly, we get a polylogarithmic "PIR writing" scheme, allowing secure non-interactive updates of a database shared between two servers. Assuming just a standard one-way function, we get the first 2-server private keyword search protocol in which the query length is polynomial in the keyword size, the answers consist of a single bit, and there is no error probability. In all these protocols, the computational cost on the server side is comparable to applying a symmetric encryption scheme to the entire database. - Worst-case to average-case reductions. We present the first worst-case to average-case reductions for PSPACE and EXPTIME complete languages that require only a constant number of oracle queries. These reductions complement a recent negative result of Watson (TOTC '12).
KW - Distributed point function
KW - PIR
KW - secure keyword search
KW - worst-case to average-case reductions
UR - http://www.scopus.com/inward/record.url?scp=84901650090&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-55220-5_35
DO - 10.1007/978-3-642-55220-5_35
M3 - Conference contribution
AN - SCOPUS:84901650090
SN - 9783642552199
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 640
EP - 658
BT - Advances in Cryptology, EUROCRYPT 2014 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
PB - Springer Verlag
T2 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2014
Y2 - 11 May 2014 through 15 May 2014
ER -