Skip to main content

FrodoPIR

This morning I'm currently staring down a stack of research papers on my desk. But I just saw a headline from Hacker News that Brave, a privacy-preserving browser I'm a fan of, published a paper and code for an improved private information retrieval system.

It requires a relatively simple offline setup ritual and allegedly the FrodoPIR scheme outperforms other private information retrieval schemes by an order of magnitude! The paper is on IACR. And an implementation (written in Rust!) is on their Github at Brave Experiments.

While I won't post any of the mathematical abstractions here because I don't have time to write the LaTeX, the high level overview from their paper appears straightforward enough. Very nice.

1. In the offline phase, the server interprets the database as a matrix, applies a compression function to said matrix and makes the results available as global public parameters. This compression function shrinks the size of the database by a factor of approximately m/λ, where λ is the security parameter and m is the number of database elements. Thus, the size of the parameters is no longer linear in the size of the database.
2. The client downloads the public parameters, and can compute c sets of preprocessed query parameters.
3. In the online phase, the client uses a single set of preprocessed query parameters to produce an “encrypted” query vector, which is sent to the server.
4. The server responds to the query by multiplying the vector with their database matrix.
5. The client returns the result by “decrypting” the response using their preprocessed query parameters.

The paper mentions that previous private information retrieval schemes suffer from computational costs (and thus financial costs) during the initial offline setup phase, with information scaling linearly with the number of clients that will be making requests. Instead, this research is based on learning with errors and provides a low-cost, single-server private information retrieval scheme that outperforms its predecessors.

The main benefit of FrodoPIR is that the offline phase of the protocol is performed by the server alone, completely independent of the number of clients or queries that will be made. This results in low amortized computation overheads, and an offline client download size that is a tiny fraction of the entire server database.
Labels:

Comments

Post a Comment

Popular posts from this blog

yt-dlp Archiving, Improved

One annoying thing about YouTube is that, by default, some videos are now served in .webm format or use VP9 encoding. However, I prefer storing media in more widely supported codecs and formats, like .mp4, which has broader support and runs on more devices than .webm files. And sometimes I prefer AVC1 MP4 encoding because it just works out of the box on OSX with QuickTime, as QuickTime doesn't natively support VP9/VPO9. AVC1-encoded MP4s are still the most portable video format. AVC1 ... is by far the most commonly used format for the recording, compression, and distribution of video content, used by 91% of video industry developers as of September 2019. [ 1 ] yt-dlp , the command-line audio/video downloader for YouTube videos, is a great project. But between YouTube supporting various codecs and compatibility issues with various video players, this can make getting what you want out of yt-dlp a bit more challenging: $ yt-dlp -f "bestvideo[ext=mp4]+bestaudio[ext=m4a]/best...
Post a Comment
Read more

Latin1 vs UTF8

Latin1 was the early default character set for encoding documents delivered via HTTP for MIME types beginning with /text . Today, only around only 1.1% of websites on the internet use the encoding, along with some older applications. However, it is still the most popular single-byte character encoding scheme in use today. A funny thing about Latin1 encoding is that it maps every byte from 0 to 255 to a valid character. This means that literally any sequence of bytes can be interpreted as a valid string. The main drawback is that it only supports characters from Western European languages. The same is not true for UTF8. Unlike Latin1, UTF8 supports a vastly broader range of characters from different languages and scripts. But as a consequence, not every byte sequence is valid. This fact is due to UTF8's added complexity, using multi-byte sequences for characters beyond the general ASCII range. This is also why you can't just throw any sequence of bytes at it and ex...
Post a Comment
Read more

Unlearning, or Proof by Contradiction

Sometimes, we have to unlearn the things we initially learned. And I don't mean this in the sense of having been deliberately deceived. Rather, I mean that to some extent, there are actually many situations in life that involve necessary lies —or believing things that are wrong for perfectly rational reasons . Sometimes it is only after we have consumed and digested such a falsehood that we can see the truth at all. Really, this form of learning is not unlike some parts of math. Consider a mathematical proof in which we begin by assuming that something is one way. But by the end of the proof, we may realize, through contradiction, that it's actually another way. Let us take the number 2 and generously hypothesize that the square root of 2 is actually rational . If this assumption were true, we should be able to prove it with an equation. Let the square root of 2 be the lowest form of $\frac{p}{q}$. Since squares of even numbers are even, and squares of odd numbers a...
Post a Comment
Read more