🤖 AI Summary
This work investigates the theoretical limits of single-server private information retrieval (PIR) with client preprocessing under black-box cryptographic assumptions. We establish the first general lower bound for PIR schemes whose online phase relies solely on black-box access to cryptographic primitives after client preprocessing, showing that either the amortized communication complexity or the number of server-side cryptographic operations must be at least Ω(n/s), where n is the database size and s is the amount of preprocessed data. This bound holds in standard black-box models, including the random oracle and virtual black-box obfuscation settings, and extends to several restricted variants of PIR as well as symmetric PIR (SPIR). Our results imply the infeasibility of doubly efficient PIR within this framework, and we complement the lower bound with a matching SPIR construction, demonstrating its tightness.
📝 Abstract
(shortened for arXiv metadata)
We study the limits of single-server private information retrieval (PIR) with preprocessing. Prior work has shown that single-server PIR with sublinear communication requires a linear number of (public-key) server operations per query [DMO00, DH24]. Recent breakthrough works, including [CHK22, ZPZS24, LMW23], circumvent these lower bounds by critically leveraging preprocessing to construct single-server PIR with sublinear query computation.
Our work presents computation lower bounds for any single-server PIR with preprocessing that makes blackbox usage of {\em any} cryptography (such as random oracles and virtual blackbox obfuscation). For any client preprocessing scheme where the client stores $s$ bits about an $n$-bit database, we prove the online amortized computation must be $Ω(n/s)$ across $k = Ω(s)$ queries (even if performed in a single batch query). In more detail, we prove that they must have either $Ω(n/s)$ amortized online communication or the server must perform $Ω(n/s)$ cryptographic operations. Our lower bounds are optimal as there exist PIRs with client preprocessing matching exactly one of the above requirements while outperforming the other. Furthermore, our lower bounds also rule out the existence of doubly efficient PIR from blackbox cryptography with sublinear query computation. Our proof framework also supports $Ω(n/s)$ communication lower bounds for three mildly restricted classes of single-server PIR.
We also prove lower bounds for symmetric private information retrieval (SPIR) with client preprocessing in the random oracle model and present a matching SPIR construction with client preprocessing using only OWFs during queries.