
Proceedings on Privacy Enhancing Technologies


Optimal Rate Private Information Retrieval from Homomorphic Encryption

Aggelos Kiayias / Nikos Leonardos / Helger Lipmaa / Kateryna Pavlyk / Qiang Tang
Published Online: 2015-06-22 | DOI: https://doi.org/10.1515/popets-2015-0016


We consider the problem of minimizing the communication in single-database private information retrieval protocols in the case where the length of the data to be transmitted is large. We present the first rate-optimal protocols for 1-out-of-n computationally-private information retrieval (CPIR), oblivious transfer (OT), and strong conditional oblivious transfer (SCOT). These protocols are based on a new optimal-rate leveled homomorphic encryption scheme for large-output polynomial-size branching programs, which may be of independent interest. The analysis of the new scheme is intricate: the optimal rate is achieved if a certain parameter s is set equal to the only positive root of a degree-(m + 1) polynomial, where m is the length of the branching program. We show, using Galois theory, that even for m = 4 this polynomial cannot be solved in radicals. We employ the Newton-Puiseux algorithm to find a Puiseux series for s and, based on it, propose a Θ(log m)-time algorithm for finding an integer approximation to s.

Keywords: Branching programs; CPIR; Galois theory; homomorphic encryption; OT; Puiseux series; SCOT



About the article

Received: 2015-02-15

Revised: 2015-05-15

Accepted: 2015-05-15

Published Online: 2015-06-22

Published in Print: 2015-06-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2015, Issue 2, Pages 222–243, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2015-0016.


© Aggelos Kiayias et al. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License (CC BY-NC-ND 3.0).
