Crypto Seminar

— 4:30pm

Location:
In Person and Virtual - ET (New Time) - Mehrabian Collaborative Innovation Center 2201 and Zoom

Speaker:
MATAN SHTEPEL , Research Assistant, Security and Privacy Laboratory, Department of Computer and Information Science, University of Pennsylvania
https://matanshtepel.com/

Maliciously-secure PIR (almost) for free

Private Information Retrieval (PIR) enables a client to retrieve a database element from a semi-honest server while hiding the element being queried from the server. Maliciously-secure PIR (mPIR) [Colombo et al., USENIX~'23] strengthens the guarantees of plain (i.e., semi-honest) PIR by ensuring that even a misbehaving server:

  • cannot compromise client privacy via selective-failure attacks, and 
  • must answer every query consistently (i.e., with respect to the same database). 

These additional security properties are crucial for many real-world applications. 

In this work we present a generic compiler that transforms any PIR scheme into an mPIR scheme in a black-box manner, with minimal overhead, and without requiring additional cryptographic assumptions. Since mPIR trivially implies PIR, our compiler establishes the equivalence of mPIR and PIR. By instantiating our compiler with existing PIR schemes, we immediately obtain mPIR schemes with O(Nε) communication cost. In fact, by applying our compiler to a recent doubly-efficient PIR [Lin et al., STOC~'23], we are able to construct a doubly-efficient mPIR scheme that requires only \polylog(N) communication and server and client computation. In comparison, all prior work incur a Ω(√N) cost in these metrics.

Our compiler makes use of smooth locally-decodable codes (LDCs) that have a robust decoding procedure. We term these codes "subcode''-LDCs, because they are LDCs where the query responses are from an error-correcting code. This property is shared by Reed-Muller codes (whose query responses are Reed-Solomon codewords) and more generally lifted codes.

Applying our compiler requires us to consider decoding in the face of non-signaling adversaries, for reasons analogous to the need for non-signaling PCPs in the succinct-argument literature. We show how to construct such decoders for Reed–Muller codes, and more generally for smooth locally-decodable codes that have a robust decoding procedure. I

n Person and Zoom Participation. See announcement.

Event Website:
https://sites.google.com/view/crypto-seminar/home

Add event to Google
Add event to iCal