Back to Events

Private Information Retrieval in the Shuffle Model

Speaker

Yiping Ma
UPenn

Host

Ryan Lehmkuhl
CSAIL MIT

April 10 2025

12:00P - 1:00P

Location

32-D463
Stata (Star)

Abstract 
Private information retrieval (PIR) is a powerful cryptographic tool for building many interesting applications, like private search engines, private group chats and more. Although in recent years we have witnessed great strides towards efficient PIR both in theory (e.g., LMW23) and in practice (e.g., SimplePIR), the inherent lower bound of PIR prevents us from going further. 

We consider PIR under "the shuffle model", where queries can be made anonymously by multiple clients. This model can also be viewed as a hybrid between the single-server and the two-server settings: one server holds the database and another server holds a secret permutation. 
- On the theory side, we present the first PIR scheme in this model that has information-theoretic security and sublinear per-client communication. In particular, for every γ > 0, the protocol has O(n^γ) communication and computation costs per (stateless) client, with 1/poly(n) statistical security, assuming that a size-n database is simultaneously accessed by poly(n) clients. 
- On the practice side, we construct concretely efficient PIR in the shuffle model based on computational assumption LPN; even better efficiency follows from conjectured hardness of Multi-Disjoint Syndrome Decoding. In the batched query setting, this PIR scheme has ~20x improvement of throughput over the state-of-the-art single-server PIR schemes. 

Finally, I will discuss a few interesting use cases of the shuffle model in other secure computation tasks. 

This talk is based on joint works with Adrià Gascón, Yuval Ishai, Mahimna Kelkar, Daniel Lee, Baiyu Li, and Mariana Raykova. 

Add to Calendar 2025-04-10 12:00:00 2025-04-10 13:00:00 America/New_York Private Information Retrieval in the Shuffle Model Abstract Private information retrieval (PIR) is a powerful cryptographic tool for building many interesting applications, like private search engines, private group chats and more. Although in recent years we have witnessed great strides towards efficient PIR both in theory (e.g., LMW23) and in practice (e.g., SimplePIR), the inherent lower bound of PIR prevents us from going further. We consider PIR under "the shuffle model", where queries can be made anonymously by multiple clients. This model can also be viewed as a hybrid between the single-server and the two-server settings: one server holds the database and another server holds a secret permutation. - On the theory side, we present the first PIR scheme in this model that has information-theoretic security and sublinear per-client communication. In particular, for every γ > 0, the protocol has O(n^γ) communication and computation costs per (stateless) client, with 1/poly(n) statistical security, assuming that a size-n database is simultaneously accessed by poly(n) clients. - On the practice side, we construct concretely efficient PIR in the shuffle model based on computational assumption LPN; even better efficiency follows from conjectured hardness of Multi-Disjoint Syndrome Decoding. In the batched query setting, this PIR scheme has ~20x improvement of throughput over the state-of-the-art single-server PIR schemes. Finally, I will discuss a few interesting use cases of the shuffle model in other secure computation tasks. This talk is based on joint works with Adrià Gascón, Yuval Ishai, Mahimna Kelkar, Daniel Lee, Baiyu Li, and Mariana Raykova.  TBD

Organizer & Contact

Sheila Sharbetian
617-324-6747

Part of

Related Events