Abstract.
Extended private information retrieval (EPIR) was defined by
Bringer, Chabanne, Pointcheval and Tang at CANS 2007 and generalized
by Bringer and Chabanne at AFRICACRYPT 2009. In the generalized setting, EPIR allows a user to
evaluate a function on a database block such that the database
can learn neither which function has been evaluated nor on which
block the function has been evaluated and the user learns no more
information on the database blocks except for the expected result. An
EPIR protocol for evaluating polynomials over a finite field
was proposed by Bringer and Chabanne in
[Lecture Notes in Comput. Sci. 5580, Springer (2009), 305–322].
We show that the protocol does not
satisfy the correctness requirement as they have claimed. In
particular, we show that it does not give the user the
expected result with large probability if one of the coefficients of
the polynomial to be evaluated is primitive in
and the others
belong to the prime subfield of
.
© 2012 by Walter de Gruyter Berlin Boston
This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.