Private Information Retrieval with Access Control

Goyal, Pawan

Author(s)

Goyal, Pawan

DownloadThesis PDF (1.030Mb)

Advisor

Servan-Schreiber, Sacha

Devadas, Srini

Terms of use

In Copyright - Educational Use Permitted Copyright retained by author(s) https://rightsstatements.org/page/InC-EDU/1.0/

Metadata

Show full item record

Abstract

Private Information Retrieval (PIR) allows a user to query for a record from a remote database without revealing the query to the database server. However, PIR does not provide access control guarantees, allowing any user access to any record. Moreover, the database server cannot check access permissions through conventional techniques as they are fundamentally incompatible with PIR. In this thesis, we present Pirac—a novel framework for access control in PIR. In Pirac, only users who have permission to access a specific database record can retrieve it. Our constructions make black-box use of the underlying PIR schemes and therefore apply to both single-server and multi-server PIR. We evaluate our open-source implementation of Pirac when applied to state-of-theart PIR schemes. For databases with roughly one million 4 KiB records, adding access control via Pirac incurs a 2.6× server-side computational overhead in single-server PIR and 3.1× in multi-server PIR, while keeping user processing and communication overheads at a minimum. We show that Pirac enables new applications of PIR, including privacy-preserving password breach lookups, multi-user databases with personal content, and private friend discovery, among others.

Date issued

2023-06

URI

https://hdl.handle.net/1721.1/151392

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Collections

Graduate Theses