Cryptanalysis of a Lattice-Based PIR Scheme for Arbitrary Database Sizes
Svenja Lage
TL;DR
The paper addresses the vulnerability of a lattice-based Private Information Retrieval scheme to attacks that scale with database size. It advances the prior Liu–Bi approach by introducing a two-stage attack with binary-search-like preprocessing that reduces the number of lattice problems to solve from linear to logarithmic in the number of files $n$, making practical attacks feasible on arbitrary databases with standard hardware. The authors provide analytical proofs of correctness, complemented by numerical experiments (e.g., using $l_0=20$, $N=50$, $p=2^{60}+325$, $n\le 10^4$) showing successful recovery of the target file index within minutes. The results highlight a significant security risk for the Melchor–Gaborit scheme and suggest that parameter choices under this framework may not guarantee practical security for large databases.
Abstract
Private Information Retrieval (PIR) schemes enable users to securely retrieve files from a server without disclosing the content of their queries, thereby preserving their privacy. In 2008, Melchor and Gaborit proposed a PIR scheme that achieves a balance between communication overhead and server-side computational cost. However, for particularly small databases, Liu and Bi identified a vulnerability in the scheme using lattice-based methods. Nevertheless, the rapid increase in computational cost associated with the attack limited its practical applicability, leaving the scheme's overall security largely intact. In this paper, we present a novel two-stage attack that extends the work of Liu and Bi to databases of arbitrary sizes. To this end, we employ a binary-search-like preprocessing technique, which enables a significant reduction in the number of lattice problems that need to be considered. Specifically, we demonstrate how to compromise the scheme in a matter of minutes using an ordinary laptop. Our findings are substantiated through both rigorous analytical proofs and comprehensive numerical experiments.
