One-way functions are essential for single-server private information retrieval

Amos Beimel, Yuval Ishai, Eyal Kushilevitz, Tal Malkin

Research output: Contribution to journalConference articlepeer-review

32 Scopus citations

Abstract

Private Information Retrieval (PIR) protocols allow a user to read information from a database without revealing to the server storing the database which information he has read. Kushilevitz and Ostrovsky construct, based on the quadratic residuosity assumption, a single-server PIR protocol with small communication complexity. Cachin, Micali, and Stadler present a single-server PIR protocol with a smaller communication complexity, based on the (new) Φ-hiding assumption. A major question, addressed in the present work, is what assumption is the minimal assumption necessary for the construction of single-server private information retrieval protocols with small communication complexity. We prove that if there is a (0-error) PIR protocol in which the server sends less than n bits then one-way functions exist (where n is the number of bits in the database). That is, even saving one bit compared to the naive protocol, in which the entire database is sent, already requires one-way functions. The same result holds (but requires more work) even if we allow the retrieval to fail with probability of at most 1/(8n). Moreover, similar results hold even if we allow constant probability of error. For example, we prove that if there is a PIR protocol with error 1/4 and communication complexity less than n/10 bits, then one-way functions exist.

Original languageEnglish
Pages (from-to)89-98
Number of pages10
JournalConference Proceedings of the Annual ACM Symposium on Theory of Computing
DOIs
StatePublished - 1 Jan 1999
Externally publishedYes
EventProceedings of the 1999 31st Annual ACM Symposium on Theory of Computing - FCRC '99 - Atlanta, GA, USA
Duration: 1 May 19994 May 1999

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'One-way functions are essential for single-server private information retrieval'. Together they form a unique fingerprint.

Cite this