Similarity Based Interactive Private Information Retrieval

Sashank Dara; V. N. Muralidhara

doi:10.1007/978-3-319-71501-8_9

International Conference on Security, Privacy, and Applied Cryptography Engineering

SPACE 2017: Security, Privacy, and Applied Cryptography Engineering pp 151-169 | Cite as

Similarity Based Interactive Private Information Retrieval

Authors
Authors and affiliations

Sashank Dara
V. N. Muralidhara

Conference paper

First Online: 22 November 2017

Part of the Lecture Notes in Computer Science book series (LNCS, volume 10662)

Abstract

Private Information Retrieval (PIR) schemes address users’ privacy concerns while querying public databases. Two major advancements that are needed for designing practical privacy preserving applications are: (i) constant communication complexity and (ii) private retrieval of matching documents. In this paper, we propose a new family of interactive schemes namely SIMPIR, that allow participating servers to interact with each other. Our methods are similarity based (i.e. the results could contain false positives but do not contain any false negatives). Importantly our approach has constant communication complexity agnostic of the size of database which is major improvement from known schemes. We achieve these results by slightly relaxing the traditional requirements of PIR schemes.

Keywords

Private information retrieval Encryption switching protocols Homomorphic encryption

This is a preview of subscription content, to check access.

Notes

Acknowledgments

We would like to thank Cisco Systems for supporting this work.

A Computational - SIMPIR

We present the complete version of the advanced C-SIMPIR protocol here.

1.

Setup: The User configures creates the keypairs and Shares them among the auxiliary server (AS) and database server (DB) for encryption switching protocols to function.
2.

DB_Preparation, Query_Gen are same as basic protocol.
3.

Response_Gen: The database server generates $ \delta \textit{-psim}^a $ for each document $D_i$ in the database and initiates ciphertext encryption switching protocol (ESP) to switch the value to $ \delta \textit{-psim}^m $. Subsequently $ \prod _{j=1}^{j=n} \delta \textit{-psim}^m $ is computed w.r.t all the documents.
4.

Process_Res: User retrieves the response $\mathcal {RES}$ and decrypts it. If it is 0 then the input document $D_u$ matches with Server’s document $D_s$ as defined by the similarity factor (SF).
$$ Match = {\left\{ \begin{array}{ll} \textit{if } \mathcal {DEC}_{S_k}\left( \prod _{j=1}^{j=n} \delta \textit{-psim}^m \right) = 0 \textit{ then } \mathcal {SIM}(D_u,D_s) = \mathcal {SF}\\ else \quad \mathcal {SIM}(D_u,D_s) \ne \mathcal {SF} \end{array}\right. } $$

B Information Theoretic - SIMPIR

We present the complete version of the advanced IT-SIMPIR protocol here.

1.

DB_Preparation: The tf-idf vectors for all the documents are computed and replicated in k database servers $\mathcal {DB}_l$. Lets say for each document $D_s $ its vector is $ [b_1,b_2, \cdots , b_k]$ and its magnitude $||D_s|| = \sqrt{\sum _{j=1}^{j=k} b^2_{j}}$ is calculated.
2.

Query_Gen: Let user’s document $D_u = [a_{1},a_{2}, \dots , a_{k}] $ for which the private similarity check need to be performed. An Secret Sharing Scheme is used to share the terms of the document. Query vector $\mathcal {Q}^i_u = ([ q_1, q_2, \dots , q_k]$ for $\mathcal {DB}_i$ is defined as below. User also computes respective shares of $ (\mathcal {SF} \times ||D_u||))$ for each $\mathcal {DB}_i$.
$$\begin{aligned} \mathcal {Q}^i_u&=([Share_i(a_{1}), Share_i(a_{2}), .., Share_i(a_{k})] \quad \forall i \in (1,l)\; servers \end{aligned}$$
3.

Response_Gen: Each database server ($\mathcal {DB}_i$) receives its respective query vector, $\mathcal {Q}^i_u$, and computes the dot product for each document in the database. This is done blindfold using additive homomorphic properties of the secret sharing scheme. Subsequently the response per each server’s document $D_s$ is calculated, this would be a constant $\mathcal {RES}$ is:
$$\begin{aligned} |Q_u. D_{s}|&= {\sum _{j=1}^{j=k} q_j.b_{j}} = q_1 . b_1 + q_2 . b_2+ \cdots + q_k . b_k \\&= Share_i(a_{1}) . b_1 +Share_i(a_{2}) . b_2 +\cdots + Share_i(a_{k}) . b_k \\&= Share_i({\sum _{j=1}^{j=k} a_j.b_{j}}) \\ \mathcal {RES}&= Share_i({\sum _{j=1}^{j=k} a_j.b_{j}}) - Share_i(\mathcal {SF} \times ||D_u||) \times ||D_s|| \\&= Share_i({\sum _{j=1}^{j=k} a_j.b_{j}}) - Share_i (\mathcal {SF} \times ||D_u|| \times ||D_s|| )\\&= Share_i(\delta \textit{-sim}) \end{aligned}$$
Subsequently MPC protocol is initiated among all the database servers ( $\mathcal {DB}_i$ ) in order to compute their respective share of $Share_i(\prod _{j=1}^{j=n} (\delta \textit{-sim}_j))$.
4.

Process_Res: User retrieves the all the respective shares of the $\mathcal {RES}$ from the database servers $\mathcal {DB}_i$ and reconstructs $\delta \textit{-sim}$. If it is 0 then the input document $D_u$ matches with Server’s document $D_s$ as defined by the similarity factor (SF).
$$\begin{aligned} \delta \textit{-sim}&= reconstruct(Share_i(\delta \textit{-sim}))\forall i \in (1,l) \\ Match&= {\left\{ \begin{array}{ll} \textit{if } (\delta \textit{-psim} ) = 0 \textit{ then } \mathcal {SIM}(D_u,D_s) = \mathcal {SF}\\ else \quad \mathcal {SIM}(D_u,D_s) \ne \mathcal {SF} \end{array}\right. } \end{aligned}$$

The deviation from original assumptions of IT-PIR schemes is that in our protocols the servers communicate with each other in a non-colluding way to perform MPC protocols.

References

1.
https://www.torproject.org/ (2016)
2.
Term frequency - inverse document frequency (2016). https://en.wikipedia.org/wiki/Tf-idf
3.
Aguilar-Melchor, C., Barrier, J., Fousse, L., Killijian, M.O.: Xpire: Private information retrieval for everyone. Technical report, Cryptology ePrint Archive, Report 2014/1025 (2014)Google Scholar
4.
Beimel, A., Ishai, Y., Malkin, T.: Reducing the servers computation in private information retrieval: PIR with preprocessing. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 55–73. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_4 CrossRefGoogle Scholar
5.
Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference 1979, vol. 48, pp. 313–317 (1979)Google Scholar
6.
Bogdanov, D.: Foundations and properties of Shamir’s secret sharing scheme. University of Tartu, Institute of Computer Science, 1 May 2007Google Scholar
7.
Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_29 CrossRefGoogle Scholar
8.
Chang, Y.-C.: Single database private information retrieval with logarithmic communication. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 50–61. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_5 CrossRefGoogle Scholar
9.
Chor, B., Gilboa, N.: Computationally private information retrieval. In: Proceedings of the twenty-Ninth Annual ACM Symposium on Theory of Computing, pp. 304–313. ACM (1997)Google Scholar
10.
Chor, B., Gilboa, N., Naor, M.: Private information retrieval by keywords. Citeseer (1997)Google Scholar
11.
Couteau, G., Peters, T., Pointcheval, D.: Encryption switching protocols. Technical report, Cryptology ePrint Archive, Report 2015/990 (2015). http://eprint.iacr.org
12.
Couteau, G., Peters, T., Pointcheval, D.: Secure distributed computation on private inputs. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds.) FPS 2015. LNCS, vol. 9482, pp. 14–26. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30303-1_2 CrossRefGoogle Scholar
13.
Cramer, R., Damgård, I.: Multiparty computation, an introduction. In: Catalano, D., Cramer, R., Di Crescenzo, G., Darmgård, I., Pointcheval, D., Takagi, T. (eds.) Contemporary Cryptology, pp. 41–87. Springer, Heidelberg (2005). https://doi.org/10.1007/3-7643-7394-6_2 CrossRefGoogle Scholar
14.
Devet, C., Goldberg, I.: The best of both worlds: combining information-theoretic and computational PIR for communication efficiency. In: De Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 63–82. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08506-7_4 Google Scholar
15.
Dong, C., Chen, L.: A fast single server private information retrieval protocol with low communication cost. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 380–399. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_22 Google Scholar
16.
Gavin, G., Minier, M.: Oblivious multi-variate polynomial evaluation. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 430–442. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10628-6_28 CrossRefGoogle Scholar
17.
Goldberg, I.: Improving the robustness of private information retrieval. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 131–148. IEEE (2007)Google Scholar
18.
Henry, R., Olumofin, F., Goldberg, I.: Practical PIR for electronic commerce. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 677–690. ACM (2011)Google Scholar
19.
Kikuchi, H.: Private revocation test using oblivious membership evaluation protocol. In: 3rd Annual PKI R&D Workshop. Citeseer (2004)Google Scholar
20.
Kushilevitz, E., Ostrovsky, R.: Replication is not needed: single database, computationally-private information retrieval. In: FOCS, p. 364. IEEE (1997)Google Scholar
21.
Lim, H.W., Tople, S., Saxena, P., Chang, E.C.: Faster secure arithmetic computation using switchable homomorphic encryption. IACR Cryptology ePrint Archive 2014/539 (2014)Google Scholar
22.
Mittal, P., Olumofin, F.G., Troncoso, C., Borisov, N., Goldberg, I.: PIR-Tor: scalable anonymous communication using private information retrieval. In: USENIX Security Symposium (2011)Google Scholar
23.
Olumofin, F., Goldberg, I.: Privacy-preserving queries over relational databases. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 75–92. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14527-8_5 CrossRefGoogle Scholar
24.
Olumofin, F., Goldberg, I.: Revisiting the computational practicality of private information retrieval. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 158–172. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27576-0_13 CrossRefGoogle Scholar
25.
Ostrovsky, R., Skeith, W.E.: A survey of single-database private information retrieval: techniques and applications. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 393–411. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_26 CrossRefGoogle Scholar
26.
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16 Google Scholar
27.
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
28.
Singhal, A.: Modern information retrieval: a brief overview. IEEE Data Eng. Bull. 24(4), 35–43 (2001)Google Scholar

Copyright information

Authors and Affiliations

Sashank Dara
- 1
- 2
Email author
V. N. Muralidhara
- 2

1.Cisco Systems Inc.BangaloreIndia
2.International Institute of Information Technology, BangaloreBangaloreIndia