The Capacity of Private Information Retrieval with Eavesdroppers

摘要

We consider the problem of private information retrieval (PIR) with colluding servers and eavesdroppers (abbreviated as ETPIR). The ETPIR problem is comprised of K messages, N servers where each server stores all K messages, a user who wants to retrieve one of the K messages without revealing the desired message index to any set of T colluding servers, and an eavesdropper who can listen to the queries and answers of any E servers but is prevented from learning any information about the messages. The information theoretic capacity of ETPIR is defined to be the maximum number of desired message symbols retrieved privately per information symbol downloaded. We show that the capacity of ETPIR is C = (1 - E/N)(1 + T-E/N-E)^K-1)^-1 when E <; T, and C = (1 - E/N) when E ≥ T. To achieve the capacity, the servers need to share a common random variable (independent of the messages), and its size must be at least E/N · 1/C symbols per message symbol. Otherwise, with less amount of shared common randomness, ETPIR is not feasible and the capacity reduces to zero. An interesting observation is that the ETPIR capacity expression takes different forms in two regimes. When E <; T, the capacity equals the inverse of a sum of a geometric series with K terms and decreases with K; this form is typical for capacity expressions of PIR. When E ≥ T, the capacity does not depend on K, a typical form for capacity expressions of SPIR (symmetric PIR, which further requires data-privacy, i.e., the user learns no information about other undesired messages); the capacity does not depend on T either. In addition, the ETPIR capacity result includes multiple previous PIR and SPIR capacity results as special cases.