Private information retrieval with a trusted hardware unit - revisited

  • Authors:

  • Lukasz Krzywiecki;Mirosław Kutyłowski;Hubert Misztela;Tomasz Strumiński

  • Affiliations:

  • Institute of Mathematics and Computer Science, Wrocław University of Technology, Wrocław, Poland;Institute of Mathematics and Computer Science, Wrocław University of Technology, Wrocław, Poland;Institute of Mathematics and Computer Science, Wrocław University of Technology, Wrocław, Poland;Institute of Mathematics and Computer Science, Wrocław University of Technology, Wrocław, Poland

  • Venue:
  • Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

During ISC'2008 Yanjiang Yang, Xuhua Ding, Robert H. Deng, and Feng Bao presented a construction for holding an encrypted database in a cloud so that the access pattern remains hidden. The scheme is designed for the case when a user holds a trusted hardware unit, which serves as an interface between the owner of the database and the untrusted environment where the encrypted database is stored. The scheme is relatively efficient and has some provable privacy properties. In this paper we analyze an idealized version of the above protocol and prove rigorously strong privacy conditions in a model with a powerful adversary observing all operations occurring in the cloud. On the other hand, we show that the full version of the protocol (with some implementation details), as proposed at ISC'2008, leaks some information about the access pattern of the user. This shows that the protocol does not fulfil the property of ideally private information retrieval. While this is not a general full scale attack, at some specific situations information leakage presented might have practical value for an adversary.