Abstract

We propose a scheme for outsourcing Private Information Retrieval (PIR) to untrusted servers while protecting the privacy of the database owner as well as that of the database clients. We observe that by layering PIR on top of an Oblivious RAM (ORAM) data layout, we provide the ability for the database owner to perform private writes, while database clients can perform private reads from the database even while the owner is offline. Our system is compatible with existing PIR access control and pricing schemes on a per-record basis for these reads. This extends the usual ORAM model by allowing multiple database readers without requiring trusted hardware; indeed, almost all of the computation in our scheme during reads is performed by untrusted cloud servers. We make a second observation that the database owner can always conduct a private as an ordinary database client, and the private write protocol does not have to provide a read functionality as a standard ORAM protocol does. Based on the two observations, we construct an end-to-end system that privately updates a 1 MB record in a 1 TB database with an amortized end-to-end response time as low as 300 ms when the database owner has a fast network connection to the database servers, and about 1 minute over a slow ADSL connection. Private times by the database readers are on the order of seconds in either case.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call