Privacy-Preserving Queries over Relational Databases

  • Femi Olumofin
  • Ian Goldberg
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6205)


We explore how Private Information Retrieval (PIR) can help users keep their sensitive information from being leaked in an SQL query. We show how to retrieve data from a relational database with PIR by hiding sensitive constants contained in the predicates of a query. Experimental results and microbenchmarking tests show our approach incurs reasonable storage overhead for the added privacy benefit and performs between 7 and 480 times faster than previous work.


Keywords: Private information retrieval, relational databases, SQL





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Femi Olumofin (1)
  • Ian Goldberg (1)
  1. Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada
