## תקציר

Private Information Retrieval (PIR) protocols, which allow the client to obtain data from servers without revealing its request, have many applications such as anonymous communication, media streaming, blockchain security, advertisement, etc. Multi-server PIR protocols, where the database is replicated among the non-colluding servers, provide high efficiency in the informationtheoretic setting. Beimel et al. in CCC 12’ (further referred to as BIKO) put forward a paradigm for constructing multi-server PIR, capturing several previous constructions for k ≥ 3 servers, as well as improving the best-known share complexity for 3-server PIR. A key component there is a share conversion scheme from corresponding linear three-party secret sharing schemes with respect to a certain type of “modified universal” relation. In a useful particular instantiation of the paradigm, they used a share conversion from (2, 3)-CNF over ℤ_{m} to three-additive sharing over ℤ^{β}p for primes p_{1}, p_{2}, p where p_{1} ≠ p_{2} and m = p_{1} · p_{2}, and the relation is modified universal relation C_{Sm} . They reduced the question of the existence of the share conversion for a triple (p_{1}, p_{2}, p) to the (in)solvability of a certain linear system over ℤ_{p}, and provided an efficient (in m, log p) construction of such a sharing scheme. Unfortunately, the size of the system is Θ(m^{2} ) which entails the infeasibility of a direct solution for big m’s in practice. Paskin–Cherniavsky and Schmerler in 2019 proved the existence of the conversion for the case of odd p_{1}, p_{2} when p = p_{1}, obtaining in this way infinitely many parameters for which the conversion exists, but also for infinitely many of them it remained open. In this work, using some algebraic techniques from the work of Paskin–Cherniavsky and Schmerler, we prove the existence of the conversion for even m’s in case p = 2 (we computed β in this case) and the absence of the conversion for even m’s in case p > 2. This does not improve the concrete efficiency of 3-server PIR; however, our result is promising in a broader context of constructing PIR through composition techniques with k ≥ 3 servers, using the relation C_{Sm} where m has more than two prime divisors. Another our suggestion about 3-server PIR is that it’s possible to achieve a shorter server’s response using the relation C_{S}′_{m} for extended S^{′}m ⊃ S_{m} . By computer search, in BIKO framework we found several such sets for small m’s which result in share conversion from (2, 3)-CNF over ℤ_{m} to 3-additive secret sharing over ℤ^{β′} p, where β^{′} > 0 is several times less than β, which implies several times shorter server’s response. We also suggest that such extended sets S^{′}m can result in better PIR due to the potential existence of matching vector families with the higher Vapnik-Chervonenkis dimension.

שפה מקורית | אנגלית |
---|---|

מספר המאמר | 497 |

כתב עת | Entropy |

כרך | 24 |

מספר גיליון | 4 |

מזהי עצם דיגיטלי (DOIs) | |

סטטוס פרסום | פורסם - אפר׳ 2022 |