The Best of Both Worlds: Combining Information-Theoretic and Computational Private Information Retrieval for Communication Efficiency

Abstract

The goal of Private Information Retrieval (PIR) is the ability to query a database successfully without the operator of the database server discovering which record(s) of the database the querier is interested in. There are two main classes of PIR protocols: those that provide privacy guarantees based on the computational limitations of servers, called computational PIR or CPIR, and those that rely on multiple servers not colluding for privacy, called information-theoretic PIR or IT-PIR. These two classes have different advantages and disadvantages that make them more or less attractive to designers of PIR-enabled privacy enhancing technologies.

We present a hybrid PIR protocol that combines two PIR protocols: one CPIR protocol and one IT-PIR protocol. Our protocol inherits many positive aspects of both classes and mitigates some of the negative aspects. For example, our hybrid protocol maintains partial privacy when the security assumptions of one of the component protocols is broken, mitigating the privacy loss in such an event. We have implemented our protocol as an extension of the Percy++ library so that it combines a PIR protocol by Aguilar Melchor and Gaborit with one by Goldberg. We show that our hybrid protocol uses less communication than either of these component protocols and that our scheme is particularly beneficial when the number of records in a database is large compared to the size of the records. This situation arises in applications such as TLS certificate verification, anonymous communications systems, private LDAP lookups, and others.

The server-side computation involved in the PIR protocols that we discuss in this thesis all lend themselves to parallelization. As an extension to the Percy++ library we have implemented parallelized server computation for each of these protocols using both multithreading and distributed computation. We show that using parallelization allows the servers to reduce the latency involved in serving PIR queries.