The project aims to build a proof-of-concept private query database: the database server always returns the correct query results yet proveably doesn't know what the query was. Such a database would have very important applications for privacy, like private search, private peer-to-peer signaling, DNS services, etc.
Suppose the database is a sequence of blocks of bits. The client wants to know the i-th block. She encrypts i in a certain way and sends the encrypted query to the server. The server performs certain computations and sends back an encrypted answer. When the client decrypts it, she gets the plaintext block she asked for.
Protocols like this are called Private Information Retrieval or Oblivious Transfer (*). In a recent 2013 paper Yi, Kaosar, Paulet, Bertino (see references) showed that it is fairly easy to build such a database using a relatively new encryption scheme called fully homomorphic encryption. The construction is quite simple and the prototype is pretty doable in a weekend.
We plan to use the scarab library for fully homomorphic encryption and implement the database server and client prototypes with Python.
- Bogdan Kulynych
- Benjamin Lipp
- Tommaso Papini
- Alejandro Avilés
- Harry Cutts
- Michał Jabczyński
- Davide Kirchner
- José Molina
Source code: github.com/blindstore
- Computer security
Would really like to have someone with proper cryptography experience or education.
Build a proof-of-concept prototype database using existing fully homomorphic encryption library scarab (C with a Python wrapper) based on construction from Yi, Kaosar, Paulet, Bertino paper. Evaluate performance and practicality.
- Theoretical base and detailed algorithm for database: Single-Database Private Information Retrieval from Fully Homomorphic Encryption, Yi, Kaosar, Paulet, Bertino
- Oblivious Transfer and Private Information Retrieval hub: http://www.cs.ut.ee/~lipmaa/crypto/link/protocols/oblivious.php
- Fully homomorphic encryption library libScarab: https://hcrypt.com/