[GI14] Distributed Point Functions and Their Applications

Authors: Niv Gilboa, Yuval Ishai | Venue: Eurocrypt 2014 | Source

Abstract

For $x,y\in \{0,1{\}}^{\ast }$, the point function $P_{x,y}$ is defined by $P_{x,y}(x)=y$ and $P_{x,y}(x^{\prime })=0^{|y|}$ for all $x^{\prime }\ne x$. We introduce the notion of a distributed point function (DPF), which is a keyed function family $F_k$ with the following property. Given $x,y$ specifying a point function, one can efficiently generate a key pair $(k_0,k_1)$ such that: (1) $F_{k_0}\oplus F_{k_1}=P_{x,y}$, and (2) each of $k_0$ and $k_1$ hides $x$ and $y$. Our main result is an efficient construction of a DPF under the (minimal) assumption that a one-way function exists. Distributed point functions have applications to private information retrieval (PIR) and related problems, as well as to worst-case to average-case reductions. Concretely, assuming the existence of a strong one-way function, we obtain the following applications.

• Polylogarithmic 2-server binary PIR. We present the first 2-server computational PIR protocol in which the length of each query is polylogarithmic in the database size $n$ and the answers consist of a single bit each. This improves over the $2^{O(\log n)}$ query length of the protocol of Chor and Gilboa (STOC ’97). Similarly, we get a polylogarithmic “PIR writing” scheme, allowing secure non-interactive updates of a database shared between two servers. Assuming just a standard one-way function, we get the first 2-server private keyword search protocol in which the query length is polynomial in the keyword size, the answers consist of a single bit, and there is no error probability. In all these protocols, the computational cost on the server side is comparable to applying a symmetric encryption scheme to the entire database.
• Worst-case to average-case reductions. We present the first worst-case to average-case reductions for PSPACE and EXPTIME complete languages that require only a constant number of oracle queries. These reductions complement a recent negative result of Watson (TOTC ’12).

BibTeX

Copy

@Inproceedings{EC:GilIsh14,
  author = {Niv Gilboa and Yuval Ishai},
  title = {Distributed Point Functions and Their Applications},
  pages = {640--658},
  editor = {Phong Q. Nguyen and Elisabeth Oswald},
  booktitle = {Advances in Cryptology -- {EUROCRYPT}~2014},
  volume = {8441},
  series = {Lecture Notes in Computer Science},
  address = {Copenhagen, Denmark},
  month = {may~11--15},
  publisher = {Springer Berlin Heidelberg, Germany},
  year = {2014},
  doi = {10.1007/978-3-642-55220-5_35},
}