Cryptology ePrint Archive: Report 2019/1483

Communication--Computation Trade-offs in PIR

Asra Ali and Tancrède Lepoint and Sarvar Patel and Mariana Raykova and Phillipp Schoppmann and Karn Seth and Kevin Yeo

Abstract: We study the computation and communication costs and their possible trade-offs in various constructions for private information retrieval (PIR), including schemes based on homomorphic encryption and the Gentry--Ramzan PIR (ICALP'05).

We improve over the construction of SealPIR (S&P'18) using compression techniques and a new oblivious expansion, which reduce the communication bandwidth by 60% while preserving essentially the same computation cost. We then present MulPIR, a PIR protocol leveraging multiplicative homomorphism to implement the recursion steps in PIR. This eliminates the exponential dependence of PIR communication on the recursion depth due to the ciphertext expansion, at the cost of an increased computational cost for the server. Additionally, MulPIR outputs a regular homomorphic encryption ciphertext, which can be homomorphically post-processed. As a side result, we describe how to do conjunctive and disjunctive PIR queries.

On the other end of the communication--computation spectrum, we take a closer look at Gentry--Ramzan PIR, a scheme with asymptotically optimal communication rate. Here, the bottleneck is the server's computation, which we manage to reduce significantly. Our optimizations enable a tunable trade-off between communication and computation, which allows us to reduce server computation by as much as 85%, at the cost of an increased query size. We further show how to efficiently construct PIR for sparse databases. Our constructions support batched queries, as well as symmetric PIR.

We implement all of our PIR constructions, and compare their communication and computation overheads with respect to each other for several application scenarios.

Category / Keywords: applications / Private Information Retrieval, Gentry-Ramzan, RLWE, Homomorphic Encryption

Date: received 24 Dec 2019, last revised 27 Jun 2020

Contact author: asraa at google com,tancrede@google com,sarvar@google com,marianar@google com,karn@google com,kwlyeo@google com,schoppmann@informatik hu-berlin de

Available format(s): PDF | BibTeX Citation

Version: 20200627:141309 (All versions of this report)

Short URL: ia.cr/2019/1483


[ Cryptology ePrint archive ]