|
|
@@ -2,52 +2,82 @@
|
|
|
|
|
|
SealPIR is a research library and should not be used in production systems.
|
|
|
SealPIR allows a client to download an element from a database stored by a server without
|
|
|
-revealing which element was downloaded. SealPIR was introduced at
|
|
|
-the Symposium on Security and Privacy (Oakland) in 2018. You can find
|
|
|
+revealing to the server which element was downloaded. SealPIR was introduced at
|
|
|
+the IEEE Symposium on Security and Privacy (Oakland) in 2018. You can find
|
|
|
a copy of the paper [here](https://eprint.iacr.org/2017/1142.pdf).
|
|
|
|
|
|
-This is a newer version of SealPIR that uses the latest version of SEAL
|
|
|
-and provides better serialization/deserialization of queries and responses,
|
|
|
-and a more streamlined code base. A drawback of this version is that ciphertexts
|
|
|
-are slightly larger (due to specifics with SEAL).
|
|
|
-
|
|
|
-If you wish to use the **original** version of SealPIR which uses an older version
|
|
|
-of SEAL and **has smaller ciphertexts**, check out the
|
|
|
-[original](https://github.com/microsoft/SealPIR/tree/ccf86c50fd3291) branch in this
|
|
|
-repository.
|
|
|
-
|
|
|
# Compiling SEAL
|
|
|
|
|
|
-SealPIR depends on [Microsoft SEAL version 3.6.6](https://github.com/microsoft/SEAL/tree/3.6.6).
|
|
|
-Install SEAL before compiling SealPIR.
|
|
|
+SealPIR depends on [Microsoft SEAL version 3.7.2](https://github.com/microsoft/SEAL/tree/3.7.2).
|
|
|
+
|
|
|
+Download and install SEAL (follow the instructions in the above link) before before compiling SealPIR.
|
|
|
|
|
|
# Compiling SealPIR
|
|
|
|
|
|
-Once Microsoft SEAL 3.6.6 is installed, to build SealPIR simply run:
|
|
|
+Once Microsoft SEAL 3.7.2 is installed, to build SealPIR simply run:
|
|
|
|
|
|
```
|
|
|
cmake .
|
|
|
make
|
|
|
```
|
|
|
-
|
|
|
+
|
|
|
This should produce a binary file ``bin/main``.
|
|
|
|
|
|
# Testing SealPIR
|
|
|
|
|
|
-Once you have compiled SealPIR, you can test that everything is working
|
|
|
-correctly by running:
|
|
|
+Once you have compiled SealPIR, you can run our battery of unit tests with:
|
|
|
|
|
|
```
|
|
|
-ctest
|
|
|
+ctest .
|
|
|
```
|
|
|
|
|
|
# Using SealPIR
|
|
|
|
|
|
Take a look at the example in `src/main.cpp` for how to use SealPIR.
|
|
|
You can also look at the tests in the `test` folder.
|
|
|
-Note: the parameter "d" stands for recursion levels, and for the current
|
|
|
-configuration, the server-to-client reply has size (pow(10, d-1) * 32) KB.
|
|
|
-Therefore we recommend using d <= 3.
|
|
|
+
|
|
|
+
|
|
|
+## Default parameters
|
|
|
+
|
|
|
+$$N$$ indicates the degree of the BFV polynomials. Default is 4096.
|
|
|
+
|
|
|
+$$t$$ indicates the plaintext modulus, but we specify $$logt$$ instead. Default is 20.
|
|
|
+
|
|
|
+Each BFV ciphertext can encrypt $$\log{t}\cdot N \approx 10 KB$$ bits of information.
|
|
|
+
|
|
|
+This means that if your database has, say, 1 KB elements, then you can pack 10
|
|
|
+such elements into a single BFV plaintext.
|
|
|
+On the other hand, if your database has, say, 20 KB elements, then you will
|
|
|
+need two BFV plaintexts to represent each of your elements.
|
|
|
+
|
|
|
+$$d$$ represents the recursion level. When the number of BFV plaintexts needed
|
|
|
+to represent your database (see above for how to map the number of database
|
|
|
+elements of a given size to the number of BFV plaintexts) is smaller than N,
|
|
|
+then setting $$d = 1$$ minimizes communication costs. However, you can also set
|
|
|
+$$d = 2$$ which doubles the size of the query and increases the size of the
|
|
|
+response by roughly a factor of 4, but in some cases might reduce computational
|
|
|
+costs a little bit (because the oblivious expansion procedure is cheaper).
|
|
|
+
|
|
|
+When the number of BFV plaintexts is much greater than N, then $$d = 2$$
|
|
|
+minimizes communication costs. You can read the paper to understand how $$d$$
|
|
|
+affects communication costs. In general, the query consists of $$d$$ BFV
|
|
|
+ciphertexts and can index a database with $$N^d$$ BFV plaintexts; the response
|
|
|
+consists of $$F^{d-1}$$ ciphertexts, where $$F$$ is the ciphertext
|
|
|
+expansion factor. In the current implementation which uses recursive
|
|
|
+modulo swithcing, $$F$$ is around 4. We have not identified any setting where
|
|
|
+$$d > 2$$ is beneficial.
|
|
|
+
|
|
|
+
|
|
|
+# Changelog
|
|
|
+
|
|
|
+This implementation of SealPIR uses the latest version of SEAL, fixes several bugs,
|
|
|
+and provides better serialization/deserialization of queries and responses,
|
|
|
+and a more streamlined code base.
|
|
|
+
|
|
|
+If you wish to use the **original** version of SealPIR which corresponds to the
|
|
|
+numbers reported in the paper and which uses an older version of SEAL, check
|
|
|
+out [this](https://github.com/microsoft/SealPIR/tree/ccf86c50fd3291) branch in
|
|
|
+the git repository.
|
|
|
|
|
|
# Contributing
|
|
|
|
Sebastian Angel