In (single-server) Private Information Retrieval (PIR), a server holds a large database DB of size n, and a client holds an index i∈[n] and wishes to retrieve DB[i] without revealing i to the server. It is well known that information-theoretic privacy, even against an "honest but curious" server, requires Ω(n) communication complexity. This is true even if quantum communication is allowed, and is due to the ability of such an adversarial server to execute the protocol on a superposition of databases instead of on a specific database (the "input purification attack"). Nevertheless, there have been some proposals of protocols that achieve sub-linear communication and appear to provide some notion of privacy. Most notably, a protocol due to Le Gall (ToC 2012) with communication complexity O(√n), and a protocol by Kerenidis et al. (QIC 2016) with communication complexity O(log(n)) and O(n) shared entanglement. We show that, in a sense, input purification is the only potent adversarial strategy, and that protocols such as the two above are secure in a restricted variant of the quantum honest-but-curious (a.k.a. specious) model. More explicitly, we propose a restricted privacy notion called anchored privacy, where the adversary is forced to execute on a classical database (i.e. the execution is anchored to a classical database). We show that for measurement-free protocols, anchored security against honest adversarial servers implies anchored privacy even against specious adversaries. Finally, we prove that even with (unlimited) pre-shared entanglement it is impossible to achieve security in the standard specious model with sub-linear communication, thus further substantiating the necessity of our relaxation. This lower bound may be of independent interest (in particular recalling that PIR is a special case of Fully Homomorphic Encryption).
| Field | Value |
|---|---|
| Original language | American English |
| Title of host publication | Advances in Cryptology – EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings |
| Editors | Yuval Ishai, Vincent Rijmen |
| Number of pages | 28 |
| State | Published - 2019 |
| Event | 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2019 - Darmstadt, Germany. Duration: 19 May 2019 → 23 May 2019 |
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Conference | 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2019 |
| Period | 19/05/19 → 23/05/19 |
Bibliographical note (Funding Information):

Acknowledgments. We thank the anonymous referees for presenting us with the work of Kerenidis et al. [KLGR16], and other valuable comments. ZB is supported by the Israel Science Foundation (Grant 468/14), Binational Science Foundation (Grants 2016726, 2014276), and by the European Union Horizon 2020 Research and Innovation Program via ERC Project REACT (Grant 756482) and via Project PROMETHEUS (Grant 780701). OS is supported by ERC Grant 280157, by the Israel Science Foundation (Grant 682/18), and by the Cyber Security Research Center at Ben-Gurion University. CYL is financially supported by the Young Scholar Fellowship Program by Ministry of Science and Technology (MOST) in Taiwan, under Grant MOST107-2636-E-009-005. KMC is partially supported by 2016 Academia Sinica Career Development Award under Grant No. 23-17 and the Ministry of Science and Technology, Taiwan under Grant No. MOST 103-2221-E-001-022-MY3. DA and AG were supported by ERC Grant 280157 for part of the work on this project, and are supported by the Israel Science Foundation (Grant 1721/17).
© International Association for Cryptologic Research 2019.