On the Practicality of PIR - Radu Sion
On the Practicality of PIR - Radu Sion On the Practicality of PIR - Radu Sion
What is a practical PIR protocol ? Stony Brook Network Security and Applied Cryptography Lab Baseline: a cheaper PIR protocol than trivial database transfer (for now !). What is cheaper ? Often, ”not slower”. Faster. Not always ! Practicality of Private Information Retrieval (NDSS, February 2006) 4
Time to “illustrate” … Stony Brook Network Security and Applied Cryptography Lab … we choose: E. Kushilevitz and R. Ostrovsky, “Replication is not needed: single database, computationally-private information retrieval”, FOCS 1997. Why ? It is the least computationally expensive and arguably the fastest of the bunch. The results can be applied to all 7+ single-server computational protocols we looked at (based on wellestablished intractability assumptions) They also apply to any protocol with a per-bit cost > fraction (e.g., 1/10) of the cost of a modular multiplication. Practicality of Private Information Retrieval (NDSS, February 2006) 5
- Page 1 and 2: Network Security and Applied Crypto
- Page 3: What is “practical” ? Stony Bro
- Page 7 and 8: Execution time analysis Stony Brook
- Page 9 and 10: Past: MIPS Schedule Stony Brook Net
- Page 11 and 12: Present: Hardware Stony Brook Netwo
- Page 13 and 14: Present: Low bandwidth conditions S
- Page 15 and 16: Future: CPU Speed follows Moore ! S
- Page 17 and 18: Future: 1 bit multiplication vs. tr
- Page 19 and 20: What do we do ? Stony Brook Network
- Page 21 and 22: IBM 4764 Stony Brook Network Securi
- Page 23 and 24: Comparison: Pentium 4 Stony Brook N
- Page 25 and 26: in/yes > /dev/lunchtime Stony Brook
Time to “illustrate” …<br />
Stony Brook Network Security and Applied Cryptography Lab<br />
… we choose: E. Kushilevitz and R. Ostrovsky,<br />
“Replication is not needed: single database,<br />
computationally-private information retrieval”, FOCS 1997.<br />
Why ?<br />
It is <strong>the</strong> least computationally expensive and arguably <strong>the</strong><br />
fastest <strong>of</strong> <strong>the</strong> bunch.<br />
The results can be applied to all 7+ single-server<br />
computational protocols we looked at (based on wellestablished<br />
intractability assumptions)<br />
They also apply to any protocol with a per-bit cost ><br />
fraction (e.g., 1/10) <strong>of</strong> <strong>the</strong> cost <strong>of</strong> a modular multiplication.<br />
<strong>Practicality</strong> <strong>of</strong> Private Information Retrieval (NDSS, February 2006)<br />
5