Proceedings on Privacy Enhancing Technologies


XPIR: Private Information Retrieval for Everyone

Carlos Aguilar-Melchor / Joris Barrier / Laurent Fousse / Marc-Olivier Killijian
Published Online: 2015-12-30 | DOI: https://doi.org/10.1515/popets-2016-0010


A Private Information Retrieval (PIR) scheme is a protocol in which a user retrieves a record from a database while hiding which one from the database administrators. PIR can be achieved using mutually distrustful replicated databases, trusted hardware, or cryptography. In this paper we focus on the latter setting, which is known as single-database computationally-Private Information Retrieval (cPIR). Classic cPIR protocols require that the database server executes an algorithm over all the database content at very low speeds, which impairs their usage. In [1], given certain assumptions, realistic at the time, Sion and Carbunar showed that cPIR schemes were not practical and most likely would never be. To this day, this conclusion is widely accepted by researchers and practitioners. Using the paradigm shift introduced by lattice-based cryptography, we show that the conclusion of Sion and Carbunar is not valid anymore: cPIR is of practical value. This is achieved without compromising security, using standard cryptosystems and conservative parameter choices.

Keywords: cPIR; Lattice-Based Cryptography
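As an added illustration (not code from the paper or from the XPIR library), the classic single-database cPIR structure the abstract describes, built on a toy symmetric LWE scheme: the client sends an encrypted selection vector, the server scans every record and combines them homomorphically, and only the client can decrypt the answer. The parameters Q, N, P and ERR and the sample database are constructed for this example and are nowhere near secure choices.

```python
import random

# Toy LWE parameters, constructed for illustration only: far too small to be secure.
Q = 2**32          # ciphertext modulus q
N = 64             # LWE dimension n
P = 256            # plaintext modulus: each record is one byte
DELTA = Q // P     # scaling factor that places the message in the high bits
ERR = 3            # error terms are drawn uniformly from [-ERR, ERR]

def keygen():
    """Secret key s in Z_q^N; symmetric LWE suffices since only the client decrypts."""
    return [random.randrange(Q) for _ in range(N)]

def encrypt(s, m):
    """Encrypt m in Z_p as (a, b) with b = <a, s> + e + DELTA * m (mod q)."""
    a = [random.randrange(Q) for _ in range(N)]
    e = random.randint(-ERR, ERR)
    b = (sum(ai * si for ai, si in zip(a, s)) + e + DELTA * m) % Q
    return a, b

def decrypt(s, ct):
    """Remove <a, s>, then round away the accumulated noise."""
    a, b = ct
    noisy = (b - sum(ai * si for ai, si in zip(a, s))) % Q
    return ((noisy + DELTA // 2) // DELTA) % P

def make_query(s, index, db_size):
    """Client: encrypt the unit vector e_index coordinate by coordinate. Each
    ciphertext is a fresh LWE sample, so the server cannot see where the 1 is."""
    return [encrypt(s, 1 if i == index else 0) for i in range(db_size)]

def answer(query, db):
    """Server: touches every record, computing sum_i d_i * Enc(e_i) homomorphically.
    Scaling by the plaintext byte d_i and summing bounds the noise by
    db_size * (P - 1) * ERR, which stays well below DELTA / 2 here."""
    acc_a = [0] * N
    acc_b = 0
    for (a, b), d in zip(query, db):
        for j in range(N):
            acc_a[j] = (acc_a[j] + d * a[j]) % Q
        acc_b = (acc_b + d * b) % Q
    return acc_a, acc_b

def pir_retrieve(db, index):
    s = keygen()
    reply = answer(make_query(s, index, len(db)), db)
    return decrypt(s, reply)

# Constructed sample database of 64 one-byte records.
SAMPLE_DB = [(7 * i + 3) % 256 for i in range(64)]
```

The server's cost is linear in the database size, which is exactly the "algorithm over all the database content" the abstract refers to; the paper's contribution is making that scan fast with Ring-LWE, not avoiding it.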


  • [1] R. Sion and B. Carbunar, “On the Computational Practicality of Private Information Retrieval,” in 14th ISOC Network and Distributed Systems Security Symposium (NDSS’07), San Diego, CA, USA, 2007.

  • [2] B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, “Private Information Retrieval,” in 46th IEEE Symposium on Foundations of Computer Science (FOCS’95), Pittsburgh, PA, USA, pp. 41-50, IEEE Computer Society Press, 1995.

  • [3] W. Gasarch, “A Survey on Private Information Retrieval,” Bulletin of the European Association for Theoretical Computer Science, vol. 82, pp. 72-107, Feb. 2004. Columns: Computational Complexity.

  • [4] A. Kiayias and M. Yung, “Secure Games with Polynomial Expressions,” in ICALP: Annual International Colloquium on Automata, Languages and Programming, 2001.

  • [5] C. Aguilar Melchor and P. Gaborit, “A Fast Private Information Retrieval Protocol,” in The 2008 IEEE International Symposium on Information Theory (ISIT’08), Toronto, Ontario, Canada, pp. 1848-1852, IEEE Computer Society Press, 2008.

  • [6] J. T. Trostle and A. Parrish, “Efficient computationally private information retrieval from anonymity or trapdoor groups,” in ISC (M. Burmester, G. Tsudik, S. S. Magliveras, and I. Ilic, eds.), vol. 6531 of Lecture Notes in Computer Science, pp. 114-128, Springer, 2010.

  • [7] J. P. Stern, “A New Efficient All-Or-Nothing Disclosure of Secrets Protocol,” in 13th Annual International Conference on the Theory and Application of Cryptology & Information Security (ASIACRYPT’98), Beijing, China, vol. 1514 of Lecture Notes in Computer Science, pp. 357-371, Springer, 1998.

  • [8] H. Lipmaa, “First cPIR protocol with data-dependent computation,” in Proceedings of the 12th International Conference on Information Security and Cryptology, ICISC’09, (Berlin, Heidelberg), pp. 193-210, Springer-Verlag, 2010.

  • [9] R. Ostrovsky and W. E. Skeith III, “Private Searching on Streaming Data,” in Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, vol. 3621 of Lecture Notes in Computer Science, pp. 223-240, Springer, 2005.

  • [10] D. Bleichenbacher, A. Kiayias, and M. Yung, “Decoding of Interleaved Reed Solomon Codes over Noisy Data,” in Automata, Languages and Programming, 30th International Colloquium, ICALP 2003, Eindhoven, The Netherlands, June 30 - July 4, 2003. Proceedings (J. C. M. Baeten, J. K. Lenstra, J. Parrow, and G. J. Woeginger, eds.), vol. 2719 of Lecture Notes in Computer Science, pp. 97-108, Springer, 2003.

  • [11] D. Coppersmith and M. Sudan, “Reconstructing curves in three (and higher) dimensional space from noisy data,” in Proceedings of the 35th Annual ACM Symposium on Theory of Computing, STOC’2003 (San Diego, California, USA, June 9-11, 2003), (New York), pp. 136-142, ACM Press, 2003.

  • [12] S. Arora and R. Ge, “New algorithms for learning in presence of errors,” in Automata, Languages and Programming, 30th International Colloquium, ICALP 2003, Eindhoven, The Netherlands, June 30 - July 4, 2003. Proceedings, pp. 403-415, Springer, 2011.

  • [13] J. Bi, M. Liu, and X. Wang, “Cryptanalysis of a homomorphic encryption scheme from ISIT 2008,” in Information Theory Proceedings (ISIT), 2012 IEEE International Symposium on, pp. 2152-2156, 2012.

  • [14] T. Lepoint and M. Tibouchi, “Cryptanalysis of a (somewhat) additively homomorphic encryption scheme used in PIR,” in WAHC’15 - 3rd Workshop on Encrypted Computing and Applied Homomorphic Cryptography, 2015.

  • [15] C. Aguilar Melchor, B. Crespin, P. Gaborit, V. Jolivet, and P. Rousseau, “High-speed Private Information Retrieval Computation on GPU,” in Second International Conference on Emerging Security Information, Systems and Technologies (SECURWARE’08), Cap Esterel, France, pp. 263-272, IEEE Computer Society Press, 2008.

  • [16] P. Mittal, F. G. Olumofin, C. Troncoso, N. Borisov, and I. Goldberg, “PIR-Tor: Scalable anonymous communication using private information retrieval,” in USENIX Security Symposium, 2011.

  • [17] R. Henry, Y. Huang, and I. Goldberg, “One (block) size fits all: PIR and SPIR with variable-length records via multi-block queries,” Proceedings of NDSS, 2013.

  • [18] T. Mayberry, E.-O. Blass, and A. H. Chan, “Efficient private file retrieval by combining ORAM and PIR,” in Proceedings of Annual Network & Distributed System Security Symposium, pp. 1-11, Citeseer, 2014.

  • [19] E.-O. Blass, R. Di Pietro, R. Molva, and M. Önen, “PRISM - privacy-preserving search in MapReduce,” in Privacy Enhancing Technologies (S. Fischer-Hübner and M. Wright, eds.), vol. 7384 of Lecture Notes in Computer Science, pp. 180-200, Springer Berlin Heidelberg, 2012.

  • [20] F. Olumofin, P. Tysowski, I. Goldberg, and U. Hengartner, “Achieving efficient query privacy for location based services,” in Privacy Enhancing Technologies (M. Atallah and N. Hopper, eds.), vol. 6205 of Lecture Notes in Computer Science, pp. 93-110, Springer Berlin Heidelberg, 2010.

  • [21] F. Olumofin and I. Goldberg, “Privacy-preserving queries over relational databases,” in Privacy Enhancing Technologies (M. Atallah and N. Hopper, eds.), vol. 6205 of Lecture Notes in Computer Science, pp. 75-92, Springer Berlin Heidelberg, 2010.

  • [22] C. Devet and I. Goldberg, “The best of both worlds: Combining information-theoretic and computational PIR for communication efficiency,” in Privacy Enhancing Technologies, pp. 63-82, Springer, 2014.

  • [23] V. Lyubashevsky, C. Peikert, and O. Regev, “On ideal lattices and learning with errors over rings,” in EUROCRYPT 2010, vol. 6110 of Lecture Notes in Computer Science, pp. 1-23, Springer, 2010.

  • [24] W. Gasarch and A. Yerukhimovich, “Computational inexpensive PIR,” 2006. Draft available online at http://www.cs.umd.edu/~arkady/pir/pirComp.pdf.

  • [25] O. Regev, “New lattice based cryptographic constructions,” Journal of the ACM, vol. 51, no. 6, pp. 899-942, 2004.

  • [26] S. W. Smith and D. Safford, “Practical server privacy with secure coprocessors,” IBM Systems Journal, vol. 40, no. 3, pp. 683-695, 2001.

  • [27] E. Kushilevitz and R. Ostrovsky, “Replication is not needed: Single database, computationally-private information retrieval (extended abstract),” in FOCS: IEEE Symposium on Foundations of Computer Science (FOCS), pp. 364-373, 1997.

  • [28] F. Olumofin and I. Goldberg, “Revisiting the computational practicality of private information retrieval,” in Financial Cryptography and Data Security (G. Danezis, ed.), vol. 7035 of Lecture Notes in Computer Science, pp. 158-172, Springer Berlin Heidelberg, 2012.

  • [29] G. Brassard, C. Crépeau, and J.-M. Robert, “All-or-Nothing Disclosure of Secrets,” in CRYPTO (A. M. Odlyzko, ed.), vol. 263 of Lecture Notes in Computer Science, pp. 234-238, Springer, 1986.

  • [30] Z. Brakerski and V. Vaikuntanathan, “Fully homomorphic encryption from Ring-LWE and security for key dependent messages,” in Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, vol. 6841, p. 501, 2011.

  • [31] Y. Doröz, B. Sunar, and G. Hammouri, “Bandwidth efficient PIR from NTRU,” in 2nd Workshop on Applied Homomorphic Cryptography and Encrypted Computing - WAHC’14, pp. 195-207, Springer, 2014.

  • [32] A. Kiayias, N. Leonardos, H. Lipmaa, K. Pavlyk, and Q. Tang, “Optimal rate private information retrieval from homomorphic encryption,” PoPETs, vol. 2015, no. 2, pp. 222-243, 2015.

  • [33] D. Pointcheval, “Le chiffrement asymétrique et la sécurité prouvée,” Habilitation à diriger des recherches, Université Paris VII, 2002.

  • [34] S. Goldwasser and S. Micali, “Probabilistic encryption,” Journal of Computer and System Sciences, vol. 28, no. 2, pp. 270-299, 1984.

  • [35] R. Lindner and C. Peikert, “Better key sizes (and attacks) for LWE-based encryption,” in CT-RSA (A. Kiayias, ed.), vol. 6558 of Lecture Notes in Computer Science, pp. 319-339, Springer, 2011.

  • [36] H. Lipmaa, “An oblivious transfer protocol with log-squared communication,” in 8th Information Security Conference (ISC’05), Singapore, vol. 3650 of Lecture Notes in Computer Science, pp. 314-328, Springer, 2005.

  • [37] M. J. Freedman, Y. Ishai, B. Pinkas, and O. Reingold, “Keyword Search and Oblivious Pseudorandom Functions,” vol. 3378 of Lecture Notes in Computer Science, pp. 303-324, Springer, 2005.

  • [38] R. Ostrovsky and W. E. Skeith III, “Private searching on streaming data,” J. Cryptology, vol. 20, no. 4, pp. 397-430, 2007.

  • [39] M. Finiasz and K. Ramchandran, “Private Stream Search at the same communication cost as a regular search: Role of LDPC codes,” in Information Theory Proceedings (ISIT), 2012 IEEE International Symposium on, pp. 2556-2560, 2012.

  • [40] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in 18th Annual Eurocrypt Conference (EUROCRYPT’99), Prague, Czech Republic, vol. 1592 of Lecture Notes in Computer Science, pp. 223-238, Springer, 1999.

  • [41] N. Göttert, T. Feller, M. Schneider, J. Buchmann, and S. Huss, “On the design of hardware building blocks for modern lattice-based encryption schemes,” in Cryptographic Hardware and Embedded Systems - CHES 2012 (E. Prouff and P. Schaumont, eds.), vol. 7428 of Lecture Notes in Computer Science, pp. 512-529, Springer Berlin Heidelberg, 2012.

  • [42] S. Halevi and V. Shoup, “Design and implementation of a homomorphic-encryption library,” 2013.

  • [43] Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(Leveled) fully homomorphic encryption without bootstrapping,” in Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, ITCS ’12, (New York, NY, USA), pp. 309-325, ACM, 2012.

  • [44] D. Harvey, “Faster arithmetic for number-theoretic transforms,” J. Symb. Comput., vol. 60, pp. 113-119, 2014.

  • [45] T. Güneysu, T. Oder, T. Pöppelmann, and P. Schwabe, “Software speed records for lattice-based signatures,” in Post-Quantum Cryptography (P. Gaborit, ed.), vol. 7932 of Lecture Notes in Computer Science, pp. 67-82, Springer-Verlag Berlin Heidelberg, 2013. Document ID: d67aa537a6de60813845a45505c313, http://cryptojedi.org/papers/#lattisigns.

  • [46] ISO/IEC, “High efficiency coding and media delivery in heterogeneous environments - part 2: High efficiency video coding,” Tech. Rep. ISO/IEC 23008-2:2013, International Standards Organization Publication, 2013.

  • [47] J. Ohm, G. Sullivan, H. Schwarz, T. K. Tan, and T. Wiegand, “Comparison of the coding efficiency of video coding standards, including high efficiency video coding (HEVC),” Circuits and Systems for Video Technology, IEEE Transactions on, vol. 22, pp. 1669-1684, Dec 2012.

  • [48] T. Gupta, N. Crooks, S. Setty, L. Alvisi, and M. Walfish, “Scalable and private media consumption with Popcorn,” Cryptology ePrint Archive, Report 2015/489, 2015. http://eprint.iacr.org/.

  • [49] R. Sinha, C. Papadopoulos, and J. Heidemann, “Internet packet size distributions: Some observations,” Tech. Rep. ISI-TR-2007-643, USC/Information Sciences Institute, May 2007. Originally released October 2005 as web page http://netweb.usc.edu/~rsinha/pkt-sizes/.

About the article

Received: 2015-08-31

Revised: 2015-11-19

Accepted: 2015-12-02

Published Online: 2015-12-30

Published in Print: 2016-04-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 2, Pages 155–174, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0010.

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Citing Articles

Alberto Pedrouzo-Ulloa, Juan Ramon Troncoso-Pastoriza, and Fernando Perez-Gonzalez
IEEE Transactions on Information Forensics and Security, 2017, Volume 12, Number 5, Page 1125
