Private Information Retrieval (PIR)

From Cryptology City
Revision as of 18:21, 19 July 2024 by Axhoover (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


A Private Information Retrieval (PIR) is a primitive that allows a client to access a specific element from a public array without revealing which array element was accessed. This primitive was originally defined in [CGKS98]. It is sometimes referred to as statistical PIR, because this article describes the unconditional primitive, which is based on no computational assumption. See either Single-server PIR or Computational Multi-server PIR for more information about the computational variants.

Formal Definition

Syntax

A -server Private Information Retrieval (PIR) for a database of size is a tuple of efficient functions , with respect to randomness space such that:

  • , is an algorithm that takes an index parameter and randomness , and queries ,
  • , is a deterministic algorithm that takes a server index , query , and array , and outputs an answer ,
  • , is an algorithm that takes an array index and answer and randomness , and outputs a bit .

Generally, we consider the size of the initial queries to be bits each and the answers to be bits each. In general, we can consider the total communication of a PIR as . And, a PIR is non-trivial only so long the communication is less than .

This primitive can also be naturally generalized to arrays with word entries longer than a single bit. However, the typical setting is the 1-bit array (also called database), since you can build a -bit PIR using just copies of a 1-bit PIR.

Correctness

A PRF is correct if for all and

where each and .

Privacy

A PRF is private if for every , , and ,

Intuitively, this means that each server observes the same query uploaded with the same probability. Notice that this and correctness are perfect or statistical notions, which have no computationally bounded adversaries.

Constructions

TODO - enumerate best known constructions

Relationship to other primitives

  • TODO - lower bound via locally decodable codes

Variations

Other Notes

  • Any PIR requires linear total computation across the servers [CGKS98]
  • Any (statistical) single-server PIR must have at least bits of communication