Public-Key Locally-Decodable Codes

  • Brett Hemenway
  • Rafail Ostrovsky
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5157)


In this paper we introduce the notion of a Public-Key Encryption Scheme that is also a Locally-Decodable Error-Correcting Code (PKLDC). In particular, we allow any polynomial-time adversary to read the entire ciphertext, and corrupt a constant fraction of the bits of the entire ciphertext. Nevertheless, the decoding algorithm can recover any bit of the plaintext with all but negligible probability by reading only a sublinear number of bits of the (corrupted) ciphertext.

We give a general construction of a PKLDC from any Semantically-Secure Public Key Encryption (SS-PKE) and any Private Information Retrieval (PIR) protocol. Since Homomorphic encryption implies PIR, we also show a reduction from any Homomorphic encryption protocol to PKLDC.

Applying our construction to the best known PIR protocol (that of Gentry and Ramzan), we obtain a PKLDC, which for messages of size n and security parameter k achieves ciphertexts of size \(\mathcal{O}(n)\), public key of size \(\mathcal{O}(n+k)\), and locality of size \(\mathcal{O}(k^2)\). This means that for messages of length n = ω(k2 + ε), we can decode a bit of the plaintext from a corrupted ciphertext while doing computation sublinear in n.


Public Key Cryptography Locally Decodable Codes Error Correcting Codes Bounded Channel Model Chinese Remainder Theorem Private Information Retrieval 


  1. 1.
    Katz, J., Trevisan, L.: On the efficiency of local decoding procedures for error-correcting codes. In: STOC 2000: Proceedings of the 32nd Annual Symposium on the Theory of Computing, pp. 80–86 (2000)Google Scholar
  2. 2.
    Yekhanin, S.: Towards 3-Query Locally Decodable Codes of Subexponential Length. In: Proceedings of the 39th ACM Symposiom on the Theory of Computinng (STOC) (2007)Google Scholar
  3. 3.
    Lipton, R.J.: A new approach to information theory. In: Enjalbert, P., Mayr, E.W., Wagner, K.W. (eds.) STACS 1994. LNCS, vol. 775, pp. 699–708. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Gopalan, P., Lipton, R.J., Ding, Y.Z.: Error correction against computationally bounded adversaries (manuscript, 2004)Google Scholar
  5. 5.
    Micali, S., Peikert, C., Sudan, M., Wilson, D.A.: Optimal error correction against computationally bounded noise. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  6. 6.
    Ostrovsky, R., Pandey, O., Sahai, A.: Private locally decodable codes. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 298–387. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Gentry, C., Ramzan, Z.: Single-database private information retrieval with constant communication rate. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 803–815. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Kushilevitz, E., Ostrovsky, R.: Replication is not needed: Single database, computationally-private information retrieval. In: IEEE Symposium on Foundations of Computer Science, pp. 364–373 (1997)Google Scholar
  9. 9.
    Ostrovsky, R., Skeith III, W.E.: A survey of single-database private information retrieval: Techniques and applications. In: Skeith III, W.E. (ed.) PKC 2007. LNCS, vol. 4450, pp. 393–411. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of paillier’s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  12. 12.
    Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402–414. Springer, Heidelberg (1999)Google Scholar
  13. 13.
    Shannon, C.E.: A Mathematical Theory of Communication. Bell System Technical Journal 27, 343–379, 623–656 (1948)MathSciNetGoogle Scholar
  14. 14.
    Ishai, Y., Kushilevitz, E., Ostrovsky, R.: Sufficient conditions for collision resistant hashing. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 445–456. Springer, Heidelberg (2005)Google Scholar
  15. 15.
    Chang, Y.C.: Single database private information retrieval with logarithmic communication. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Naccache, D., Stern, J.: A new public key cryptosystem based on higher residues. In: CCS 1998: Proceedings of the 5th ACM conference on Computer and communications security, pp. 59–66. ACM Press, New York (1998)CrossRefGoogle Scholar
  17. 17.
    Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: CRYPTO 1984, pp. 10–18. Springer, New York (1985)Google Scholar
  18. 18.
    Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Batch codes and their applications. In: STOC 2004: Proceedings of the thirty-sixth annual ACM symposion the theory of computing, pp. 373–382. ACM Press, New York (2004)Google Scholar
  19. 19.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28 (2), 270–299 (1984)MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Benaloh, J.D.C.: Verifiable secret-ballot elections. PhD thesis. Yale University (1987)Google Scholar
  21. 21.
    Benaloh, J.C.: Dense probabilistic encryption. In: Proceedings of the Workshop on Selected Areas in Cryptography, pp. 120–128 (1994)Google Scholar
  22. 22.
    Hemenway, B., Ostrovsky, R.: Public key locally decodable codes (2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Brett Hemenway
    • 1
  • Rafail Ostrovsky
    • 2
  1. 1.Department of MathematicsUniversity of CaliforniaLos Angeles
  2. 2.Department of Computer Science and Department of MathematicsUniversity of CaliforniaLos Angeles

Personalised recommendations