## Abstract

Private Information Retrieval (PIR) protocols allow a user to read information from a database without revealing to the server storing the database which information he has read. Kushilevitz and Ostrovsky construct, based on the quadratic residuosity assumption, a single-server PIR protocol with small communication complexity. Cachin, Micali, and Stadler present a single-server PIR protocol with a smaller communication complexity, based on the (new) Φ-hiding assumption. A major question, addressed in the present work, is what assumption is the minimal assumption necessary for the construction of single-server private information retrieval protocols with small communication complexity. We prove that if there is a (0-error) PIR protocol in which the server sends less than n bits then one-way functions exist (where n is the number of bits in the database). That is, even saving one bit compared to the naive protocol, in which the entire database is sent, already requires one-way functions. The same result holds (but requires more work) even if we allow the retrieval to fail with probability of at most 1/(8n). Moreover, similar results hold even if we allow constant probability of error. For example, we prove that if there is a PIR protocol with error 1/4 and communication complexity less than n/10 bits, then one-way functions exist.

Original language | English |
---|---|

Pages (from-to) | 89-98 |

Number of pages | 10 |

Journal | Conference Proceedings of the Annual ACM Symposium on Theory of Computing |

DOIs | |

State | Published - 1 Jan 1999 |

Externally published | Yes |

Event | Proceedings of the 1999 31st Annual ACM Symposium on Theory of Computing - FCRC '99 - Atlanta, GA, USA Duration: 1 May 1999 → 4 May 1999 |

## ASJC Scopus subject areas

- Software