Paper 2020/1592

Puncturable Pseudorandom Sets and Private Information Retrieval with Near-Optimal Online Bandwidth and Time

Elaine Shi, Waqar Aqeel, Balakrishnan Chandrasekaran, and Bruce Maggs


Imagine one or more non-colluding servers each holding a large public database, e.g., the repository of DNS entries. Clients would like to access entries in this database without disclosing their queries to the servers. Classical private information retrieval (PIR) schemes achieve polylogarithmic bandwidth per query, but require the server to perform linear computation per query, which is a significant barrier towards deployment. Several recent works showed, however, that by introducing a one-time, per-client, off-line preprocessing phase, an unbounded number of client queries can be subsequently served with sublinear online computation time per query (and the cost of the preprocessing can be amortized over the unboundedly many queries). Existing preprocessing PIR schemes (supporting unbounded queries), unfortunately, make undesirable tradeoffs to achieve sublinear online computation: they are either significantly non-optimal in online time or bandwidth, or require the servers to store a linear amount of state per client or even per query, or require polylogarithmically many non-colluding servers. We propose a novel 2-server preprocessing PIR scheme that achieves $\widetilde{O}(\sqrt{n})$ online computation per query and $\widetilde{O}(\sqrt{n})$ client storage, while preserving the polylogarithmic online bandwidth of classical PIR schemes. Both the online bandwidth and computation are optimal up to a poly-logarithmic factor. In our construction, each server stores only the original database and nothing extra, and each online query is served within a single round trip. Our construction relies on the standard LWE assumption.
As an important stepping stone, we propose new, more generalized definitions for a cryptographic object called a Privately Puncturable Pseudorandom Set, and give novel constructions that depart significantly from prior approaches.

Note: This is the online full version that includes full details and proofs.

Cryptographic protocols
Publication info
A major revision of an IACR publication in CRYPTO 2021
private information retrieval, puncturable pseudorandom set
Contact author(s)
runting @ gmail com
2021-06-22: last of 3 revisions
2020-12-24: received
Creative Commons Attribution


      author = {Elaine Shi and Waqar Aqeel and Balakrishnan Chandrasekaran and Bruce Maggs},
      title = {Puncturable Pseudorandom Sets and Private Information Retrieval with Near-Optimal Online Bandwidth and Time},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1592},
      year = {2020},