TAPIR: A Two-Server Authenticated PIR Scheme with Preprocessing
Annamira O'Toole
Abstract:
Authenticated Private Information Retrieval (APIR) enables a client to retrieve a record from a public database and verify that the record is “authentic” without revealing any information about which record was requested. In this work, we propose Tapir: the first two-server APIR scheme to achieve both sublinear communication and computation complexity for queries, while also supporting dates. Our scheme builds upon the unauthenticated two-server PIR scheme SinglePass (Lazzaretti and Papamanthou, USENIX’24). Due to its modular design, Tapir provides different trade-offs depending on the underlying vector commitment scheme used.
Moreover, Tapir is the first APIR scheme with preprocessing to support appends and edits in time linear in the database partition size. This makes it an ideal candidate for transparency applications that require support for integrity, database appends, and private lookups. We provide a formal security analysis and a prototype implementation that demonstrates our scheme’s efficiency. Tapir incurs as little as 0.11 % online bandwidth overhead for databases of size 2^22, compared to the unauthenticated SinglePass. For databases of size >= 2^20, our scheme, when instantiated with Merkle trees, outperforms all prior multi-server APIR schemes with respect to online runtime.
Bio:
Annamira is a PhD student advised by Kenny Paterson in the Applied Cryptography Group of ETH Zurich. She's worked on authenticated private information retrieval (this work) and currently focus on anonymous credentials and oblivious message retrieval. Previously, she did her undergrad at UC Berkeley and master's at EPFL/ETH Zurich.