On Locally Decodable Codes Self Correctable Codes t-private PIR and Omer Barkol, Yuval Ishai and...
-
Upload
kelley-cross -
Category
Documents
-
view
228 -
download
0
Transcript of On Locally Decodable Codes Self Correctable Codes t-private PIR and Omer Barkol, Yuval Ishai and...
On Locally Decodable Codes
Self Correctable Codes
t-private PIRand
Omer Barkol, Yuval Ishai and Enav Weinreb
Technion, Israel
On Locally Decodable Codes
Self Correctable Codesand
Omer Barkol, Yuval Ishai and Enav Weinreb
Technion, Israel
ServerClient
[CGKS95]
Want: Correctness and privacy for the client
Communication: Only the trivial Ω(n) solution
i∈[n]
i?xi
q
A(q,x) x∈{0,1}n
t-private PIRP IR
Private Information Retrieval
Client
i
xit servers
x
x∈{0,1}n
x
k servers
i?
[CGKS95]
Private Information Retrievalt-private
q1
A(q1,x)
q2
A(q2,x)
P I Rk-server PIR
PIRt-privateBest known
ServersPaper
K=2
K=3Const. k
CGKS95, BI01,WY05
n1/3n1/5n1/(2k-1)
BIKR02n1/3n1/5.25nloglogk/klogk
Yek07-n10-7
(or n1/loglogn)
t-private version
✔
?
?
Cmessage x encoding
C(x)i
C:{0,1}n→{0,1}m(
n)
is a k-LDC
Randomized Decoder D
k-query LDC
C:{0,1}n→{0,1}
m
k-server PIR
logm query bits
1 bit answer
[KT00]
xi
k
On Locally Decodable Codes
Self Correctable Codes
t-private PIRand
Omer Barkol, Yuval Ishai and Enav Weinreb
Technion, Israel
Best known LDCs
ProbesPaper
K=3Const. k
BF90, CGKS95, BI01
exp(n1/2)exp(n1/(k-1) )
BIKR02exp(n1/2
)exp(nloglogk/klogk )
Yek07exp(n10-7 )
(or exp( n1/loglogn ))
On Locally Decodable Codes
Self Correctable Codes
t-private PIRand
Cmessage x encoding C(x)
j
C:{0,1}n→{0,1}m(
n)
is a k-SCC
Randomized Corrector M
systematick-LDC
Omer Barkol, Yuval Ishai and Enav Weinreb
Technion, Israel
linear k-query SCC
C:{0,1}n→{0,1}
m
linear k-query LDC
C:{0,1}n→{0,1}
m
k
C(x)j
Is it SCC?
✔
?
?
SCC LDC ?
ProbesPaper
K=3Const. k
BF90, CGKS95, BI01
exp(n1/2)exp(n1/(k-1) )
BIKR02exp(n1/2
)exp(nloglogk/klogk )
Yek07exp(n10-7 )
(or exp( n1/loglogn ))
Reed-Muller based
Main Problems
Closing the gap between:• 1-private and t-private PIR• LDC and SCC
RM SCC upper bound
Yek07 LDC upper bound
LDC lower bound
Talk Outline
•Notions and current state
•Our contributions: highlights
•Our contributions: technical details
•Summary and open issues
Our Contributions (1)
1-private k-server
PIR
t-private kt-server
PIR
1-private k-server SRPIR
t-private kt-server
PIR
k-LD
Ck-
SCC
Communication preserving transformations
Best known t-private PIR
?
ServersPaper
K=2
K=3Const. k
CGKS95, BI01,WY05
n1/3n1/5n1/(2k-1)
BIKR02n1/3n1/5.25nloglogk/klogk
Yek07-n10-7
(or n1/loglogn)
t-private version
✔
?
kt
servers
Main Problems
Closing the gap between:• 1-private and t-private PIR• LDC and SCC
Closing the gap of
LDC vs. SCC
Closing the question on t-private PIR
RM SCC upper bound
Yek07 LDC upper bound
LDC lower bound
Linear SCC vs. Combinatorial designs
Based on Hamada’s Conjecture (1973):
Evidence for difficulty of progress on the LDC vs. SCC question
Our Contributions (2)
LDC vs. SCC
Is it SCC?
✔
?
?
ProbesPaper
K=3Const. k
BF90, CGKS95, BI01
exp(n1/2)exp(n1/(k-1) )
BIKR02exp(n1/2
)exp(nloglogk/klogk )
Yek07exp(n10-7 )
(or exp( n1/loglogn ))
?
Talk Outline
•Notions and current state
•Our contributions: highlights
•Our contributions: technical details
•Summary and open issues
1-private PIR t-private PIR
1-private k-server
PIR
t-private kt-server
PIR
k-LD
C
iX
S1,1 S1,2 S1,3
S2,1 S2,2 S2,3
S3,1 S3,2 S3,3
i ≡ i1 + i2
Xi1+i2=Xi
q1(i2)
q2(i2)
q3(i2)
X=X<<0X<
<1X<<2⋮
X<<i2⋮⋮
X<<n-1
i1
i
1-private 3-server PIR to
2-private 32-server PIR q1(i1) q2(i1) q3(i1)
A1 A2 A3A A A
i2? i?
i1? i?
A1 A2 A3
1-private k-server SRPIR
t-private kt-server
PIR
k-SC
C1-private PIR t-private PIR
t(k-1)+1
Xi
1-private 3-server SRPIR to
2-private 5-server PIR
q1 q2q3
A(q3,x)A(q2,x)A(q1,x)
S1 S2 S3q11q12 q13
S1 S2 S3
q23q12 q22q31 q32
q33
xi
S? S? S?S? S? S?S1 S4 S5 S2 S3 S5
Threshold 3-out-of-5 circuit using only Threshold 2-out-of-3 gates
NO
Xi
S1 S2 S3 S4 S5
Threshold3-out-of-5
1-private 3-server SRPIR to
2-private 2(3-1)+1=5-server PIR
Threshold 3-out-of-5 circuit using only Threshold 2-out-of-3 gatesThreshold (t+1)-out-of-t(k-1)+1 circuit using only Threshold 2-out-of-k gates
Combinatorial designs
2-(m,k,λ) design
m points
blocks: sets of k points
each 2 points appear together in λ blocks
1 1 1 11 1 1 1
1 1 1 11 1 1 1
1 1 111 1 1 1
1 1 1 11 1 1 1
1 1 1 11 1 1 1
1 1 1 1
1 1
2-(24,4,1) design
Example: lines in F172
design
Points: GF(17)2
=F172
Blocks: points on a line
2-(172,17,1) design
1 1 1 11 1 1 1
1 1 111 1 1 1
1 1 1 11 1 1 1
1 1 1 11 1 1 1
1 1 1 1
Low rank designs good SCC
1 1 1 11 1 1 1
C = span
2-(m,k,λ) design with p-rank r
C⊥:Fpm-r→Fp
m is a
(k-1)-SCC
Hamada’s Conjecture (‘73): The 2-
(pr,p,1) design that stems from the
lines in Fpr has the smallest p-rank of
all the designs with the same
parameters.
the support of the low-weight words of
the Reed-Muller code
Reed-Muller SCCs
are optimal
Hamada’s
conjecture
Generalization of the conjecture:
Relaxation in the following senses
• dimension (rather than rank)
• over different fields (i.e. q-dimension)
• almost designs
Reed-Muller SCCs
are “essentially
optimal”
Generalized
conjecture
Talk Outline
•Notions and current state
•Our contributions: highlights
•Our contributions: technical details
•Summary and open issues
Summary•Substantial improvement of best t-private PIR
1-private PIR ⇨ t-private PIR
• t-private version of Yekhanin’s protocol
•Interesting connection: SCC and t-private PIR
Better SCC ⇨ better t-private PIR
• SCC=LDC ⇨ 1-private=t-private PIR
•Intriguing connection: SCC and p-rank designs
Prove known SCC optimal ⇨ Hamada’s conjecture
RM SCC upper bound
Yek07 LDC upper bound
LDC lower bound
• Better t-private PIR
• Extend Yek07 to 2-private 5-server PIR? … or even 2-private 8-server PIR?
• LDC vs. SCC• Better SCC than Reed-Muller based
e.g. 3-SCC of length 2o(√n) const. size alphabet
• Better Lower bounds on SCC
separate SCC from LDC
or even super-polynomial lower bounds on SCC
Open Issues
SCC lower bound
thank you