TY - JOUR
T1 - On share conversions for private information retrieval
AU - Paskin-Cherniavsky, Anat
AU - Schmerler, Leora
N1 - Publisher Copyright:
© 2019 by the authors.
PY - 2019
Y1 - 2019
N2 - Beimel et al. in CCC '12 put forward a paradigm for constructing Private Information Retrieval (PIR) schemes, capturing several previous constructions for k ≥ 3 servers. A key component in the paradigm, applicable to three-server PIR, is a share conversion scheme from corresponding linear three-party secret sharing schemes with respect to a certain type of "modified universal" relation. In a useful particular instantiation of the paradigm, they used a share conversion from (2, 3)-CNF over ℤ_m to three-additive sharing over ℤ_{p^β} for primes p1, p2, p where p1 ≠ p2 and m = p1 · p2. The share conversion is with respect to the modified universal relation CS_m. They reduced the question of whether a suitable share conversion exists for a triple (p1, p2, p) to the (in)solvability of a certain linear system over ℤ_p. Assuming a solution exists, they also provided an efficient (in m, log p) construction of such a sharing scheme. They proved a suitable conversion exists for several triples of small numbers using a computer program; in particular, p = p1 = 2, p2 = 3 yielded the three-server PIR with the best communication complexity at the time. This approach quickly becomes infeasible as the resulting matrix is of size Θ(m^4). In this work, we prove that the solvability condition holds for an infinite family of (p1, p2, p)'s, answering an open question of Beimel et al. Concretely, we prove that if p1, p2 > 2 and p = p1, then a conversion of the required form exists. We leave the full characterization of such triples, with potential applications to PIR complexity, to future work. Although larger (particularly with max(p1, p2) > 3) triples do not yield improved three-server PIR communication complexity via BIKO's construction, a richer family of PIR protocols we obtain by plugging in our share conversions might have useful properties for other applications.
Moreover, we hope that the analytic techniques for understanding the relevant matrices we developed would help to understand whether share conversion as above for CS_m, where m is a product of more than two (say three) distinct primes, exists. The general BIKO paradigm generalizes to work for such ℤ_m's. Furthermore, the linear condition in Beimel et al. generalizes to m's, which are products of more than two primes, so our hope is somewhat justified. In case such a conversion does exist, plugging it into BIKO's construction would lead to major improvement to the state of the art of three-server PIR communication complexity (reducing Communication Complexity (CC) in correspondence with certain matching vector families).
AB - Beimel et al. in CCC '12 put forward a paradigm for constructing Private Information Retrieval (PIR) schemes, capturing several previous constructions for k ≥ 3 servers. A key component in the paradigm, applicable to three-server PIR, is a share conversion scheme from corresponding linear three-party secret sharing schemes with respect to a certain type of "modified universal" relation. In a useful particular instantiation of the paradigm, they used a share conversion from (2, 3)-CNF over ℤ_m to three-additive sharing over ℤ_{p^β} for primes p1, p2, p where p1 ≠ p2 and m = p1 · p2. The share conversion is with respect to the modified universal relation CS_m. They reduced the question of whether a suitable share conversion exists for a triple (p1, p2, p) to the (in)solvability of a certain linear system over ℤ_p. Assuming a solution exists, they also provided an efficient (in m, log p) construction of such a sharing scheme. They proved a suitable conversion exists for several triples of small numbers using a computer program; in particular, p = p1 = 2, p2 = 3 yielded the three-server PIR with the best communication complexity at the time. This approach quickly becomes infeasible as the resulting matrix is of size Θ(m^4). In this work, we prove that the solvability condition holds for an infinite family of (p1, p2, p)'s, answering an open question of Beimel et al. Concretely, we prove that if p1, p2 > 2 and p = p1, then a conversion of the required form exists. We leave the full characterization of such triples, with potential applications to PIR complexity, to future work. Although larger (particularly with max(p1, p2) > 3) triples do not yield improved three-server PIR communication complexity via BIKO's construction, a richer family of PIR protocols we obtain by plugging in our share conversions might have useful properties for other applications.
Moreover, we hope that the analytic techniques for understanding the relevant matrices we developed would help to understand whether share conversion as above for CS_m, where m is a product of more than two (say three) distinct primes, exists. The general BIKO paradigm generalizes to work for such ℤ_m's. Furthermore, the linear condition in Beimel et al. generalizes to m's, which are products of more than two primes, so our hope is somewhat justified. In case such a conversion does exist, plugging it into BIKO's construction would lead to major improvement to the state of the art of three-server PIR communication complexity (reducing Communication Complexity (CC) in correspondence with certain matching vector families).
KW - CNF secret sharing
KW - Communication complexity
KW - PIR
KW - Share conversion
UR - http://www.scopus.com/inward/record.url?scp=85071944580&partnerID=8YFLogxK
U2 - 10.3390/e21090826
DO - 10.3390/e21090826
M3 - Article
AN - SCOPUS:85071944580
SN - 1099-4300
VL - 21
JO - Entropy
JF - Entropy
IS - 9
M1 - 826
ER -