Private Information Storage

We consider the setting of hiding information through the use of multiple databases that do not interact with one another. In this setting, there are k 2 \databases" which can be accessed by some \users". Users do not keep any state information, but wish to access O(n) bits of \data". Previously, in this setting solutions for retrieval of data in the eecient manner were given, where a user achieves this by interacting with all the databases. We consider the case of both writing and reading. While the case of reading was well studied before, the case of writing was previously completely open. In this paper, we show how to implement both read and write operations, with the following strong security guarantees: all the information about the read/write operation is information-theoretically hidden from all the databases (i.e. both the value of the bit and the address of the bit). As in the previous papers, we measure, as a function of k and n the amount of communication required between a user and all the databases for a single read/write operation, and achieve eecient read/write schemes. Moreover, we show a general reduction from reading database scheme to reading and writing database scheme, with the following guarantees: for any k, given a retrieval only k-database scheme with communication complexity R(k; n) we show a (k + 1) reading and writing database scheme with total communication complexity O R(k; n) (log n) O(1). Our general reduction in combination with the paper of Chor,Goldreich,Kushilevtiz,Sudan] yields: a 3-database scheme with read/write communication complexity of O n 1=3 (log n) 3 ; for all constants k 2, a (k + 1)-database scheme with read/write communication complexity of O n 1=k (log n) 3 ; O(log n)-database scheme with read/write communication complexity of O ? (log n) 3. It should be stressed that prior to the current paper no trivial (i.e. sub-linear) bounds for private information storage were known. Moreover, our result yields a solution to the problem of information-theoretically secure Oblivious RAM simulation with poly-log overhead in the above setting. Our result also implies that eecient instance-hiding schemes where the state can be altered are possible.