Lifting Pivate Infomation Retieval fom Two to any umbe of Messages Rafael G.L. D Oliveia, Salim El Rouayheb ECE, Rutges Univesity, Piscataway, J Emails: d746@scaletmail.utges.edu, salim.elouayheb@utges.edu axiv:1802.0644v2 [cs.it] 29 May 2018 Abstact We study pivate infomation etieval (PIR) on coded data with possibly colluding seves. Devising PIR schemes with optimal download ate in the case of collusion and coded data is still open in geneal. We povide a lifting opeation that can tansfom what we call one-shot PIR schemes fo two messages into schemes fo any numbe of messages. We apply this lifting opeation on existing PIR schemes and descibe two immediate implications. Fist, we obtain novel PIR schemes with impoved download ate in the case of MDS coded data and seve collusion. Second, we povide a simplified desciption of existing optimal PIR schemes on eplicated data as lifted secet shaing based PIR. I. ITRODUCTIO We conside the poblem of designing pivate infomation etieval (PIR) schemes on coded data stoed on multiple seves that can possibly collude. In this setting, a use wants to download a message fom a seve with M messages while evealing no infomation, in an infomation-theoetic sense, about which message it is inteested in. The database is eplicated on seves, o in geneal, could be stoed using an easue code, typically a Maximum Distance Sepaable (MDS) code 1. These seves could possibly collude to gain infomation about the identity of the use s etieved message. The PIR poblem was fist intoduced and studied in [1], [2] and was followed up by a lage body of wok (e.g. [] [8]). The model thee assumes the database to be eplicated and focuses on PIR schemes with efficient total communication ate, i.e., upload and download. Motivated by big data applications and ecent advances in the theoy of codes fo distibuted stoage, thee has been a gowing inteest in designing PIR schemes that can quey data that is stoed in coded fom and not just eplicated. Fo this setting, the assumption has been that the messages being etieved ae vey lage (compaed to the queies) and theefoe the focus has been on designing PIR schemes that minimize the download ate. Despite significant ecent pogess, the poblem of chaacteizing the optimal PIR download ate (called PIR capacity) in the case of coded data and seve collusion emains open in geneal. Related wok: When the data is eplicated, the poblem of finding the PIR capacity, i.e., minimum download ate, is essentially solved. It was shown in [4] and [5] that the PIR capacity is (1+T/ +T 2 / 2 + +T / ) 1, whee is the numbe of seves, T is the numbe of colluding This wok was suppoted in pat by SF Gant CCF 181765. 1 The assumption hee is that messages ae divided into chunks which ae encoded sepaately into n coded chunks using the same code. seves and M is the numbe of messages. Capacity achieving PIR schemes wee also pesented in [4] and [5]. When the data is coded and stoed on a lage numbe of seves (exponential in the numbe of messages), it was shown in [9] that downloading one exta bit is enough to achieve pivacy. In [10], the authos deived bounds on the tadeoff between stoage cost and download cost fo linea coded data and studied popeties of PIR schemes on MDS data. Explicit constuctions of efficient PIR scheme on MDS data wee fist pesented in [11] fo both collusions and no collusions. Impoved PIR schemes fo MDS coded data with collusions wee pesented in [12]. PIR schemes fo geneal linea codes, not necessaily MDS, wee studied in [1]. The PIR capacity fo MDS coded data and no collusion was detemined in [14], and emains unknown fo the case of collusions. Contibutions: We intoduce what we efe to as a lifting opeation that tansfoms a class of one-shot linea PIR schemes that can etieve pivately one out of a total of two messages, into geneal PIR schemes on any numbe of messages. In the liteatue, the majoity of PIR schemes on coded data, such as those in [11] and [12], ae one-shot schemes. Fist, we descibe a efinement opeation on these schemes that impoves thei ate fo two messages. Then, we descibe how the efined vesion can be lifted to any numbe of messages. Finally, we apply the lifting opeation on existing PIR schemes and descibe two immediate implications: Applying the lifting opeation to the schemes pesented in [11] and [12], we obtain novel PIR schemes with impoved download ate fo MDS coded data and seve collusion. The capacity achieving PIR schemes on eplicated data in [4] and [5] can be seen as lifted secet shaing. II. SETTIG A set of M messages, {W 1, W 2,..., W M } F L q, ae stoed on seves each using an (, K)-MDS code. We denote by W j i F L/K q, the data about W j stoed on seve i. seve 1 seve 2 seve W 1 W1 1 W2 1 W 1 W 2 W1 2 W2 2 W 2..... W M W1 M W2 M W M Since the code is MDS, each W j is detemined by any K- subset of {W j 1,..., W j }.
The data on seve i is D i = (Wi 1,..., W i M ) F ML/K q. A linea quey (fom now on we omit the tem linea) is a vecto q F ML/K q. When a use sends a quey q to a seve i, this seve answes back with the inne poduct D i, q F q. The poblem of pivate infomation etieval can be stated infomally as follows: A use wishes to download a file W m without leaking any infomation about m to any of the seves whee at most T of them may collude. The goal is fo the use to achieve this while minimizing the download ate. The messages W 1, W 2,..., W M ae assumed to be independent and unifomly distibuted elements of F L q. The use is inteested in a message W m. The index of this message, m, is chosen unifomly at andom fom the set {1, 2,..., M}. A PIR scheme is a set of queies fo each possible desied message W m. We denote a scheme by Q = {Q 1,..., Q M } whee Q m = {Q m 1,..., Q m } is the set of queies which the use will send to each seve when they wish to etieve W m. So, if the use is inteested in W m, Q m i denotes the set of queies sent to seve i. The set of answes, A = {A 1,..., A M }, is defined analogously. A PIR scheme should satisfy two popeties: 1) Coectness: H(W m A m ) = 0. 2) T -Pivacy: I( j J Q m j ; m) = 0, fo evey J [M] such that J = T, whee [M] = {1,..., M}. Coectness guaantees that the use will be able to etieve the message of inteest. T -Pivacy guaantees that no T colluding seves will gain any infomation on the message in which the use is inteested. Definition 1. Let M messages be stoed using an (, K)- MDS code on seves. An (, K, T, M)-PIR scheme is a scheme which satisfies coectness and T -Pivacy. ote that T -Pivacy implies in Q 1 = Q i fo evey i, i.e., the numbe of queies does not depend on the desied message. Definition 2. The PIR ate of an (, K, T, M)-PIR scheme Q is R Q = L Q 1. III. OE-SHOT SCHEMES In this section, we intoduce the notion of a one-shot scheme, which captues the majoity of the schemes in the liteatue. Without loss of geneality, we assume that the use is inteested in etieving the fist message. We denote by V 1 = {a F ML/K q : i > L/K a i = 0}, the subspace of queies which only quey the fist message. Definition. An (, K, T, M)-one-shot PIR scheme of codimension is an (, K, T, M)-PIR scheme whee each seve is queied exactly once and in the following way. Seve 1 Seve Seve + 1 Seve q 1 q q +1 + a 1 q + a TABLE I: Quey stuctue fo a one-shot scheme. The queies in Table I satisfy the following popeties: 1) Any collection of T queies fom q 1,..., q F ML/K q is unifomly and independently distibuted. 2) The a 1,..., a V 1 ae such that the esponses D +1, a 1,..., D, a ae linealy independent. ) Fo i >, the esponse D i, q i is a linea combination of D 1, q 1,..., D, q. Popety 1 ensues pivacy. Popeties 2 and ensue coectness. Poposition 1. Let Q be an (, K, T, M)-one-shot scheme of co-dimension. Then, its ate is given by R Q = = 1. Poof. Since fo evey i >, D i, q i is a linea combination of D 1, q 1,..., D, q, the use can etieve the linealy independent D +1, a 1,..., D, a. Technically, must be divisible by L. When this does not occu, the one-shot scheme must be epeated lcm(, L) times 2. This, howeve, does not change the ate of the scheme. We pesent an example of a one-shot scheme fom [11]. Example 1. Suppose the messages ae stoed using a (4, 2)- MDS code ove F in the following way: Seve 1 Seve 2 Seve Seve 4 W 1 W1 1 W2 1 W1 1 + W2 1 W1 1 + 2W2 1 W 2 W1 2 W2 2 W1 2 + W2 2 W1 2 + 2W2 2..... W M W1 M W2 M W1 M + W2 M W1 M + 2W2 M Suppose the use is inteested in the fist message and wants 2-pivacy, i.e., at most 2 seves can collude. The following is a (4, 2, 2, M)-one-shot scheme taken fom [11]. Seve 1 Seve 2 Seve Seve 4 Queies q 1 q 2 q q 4 + e 1 Responses D 1, q 1 D 2, q 2 D, q D 4, q 4 TABLE II: Quey and esponse stuctue fo Example 1. The queies in Table II satisfy the following popeties: The queies q 1, q 2 F ML/K q ae unifomly and independently distibuted. We have q = q 1 + q 2 and q 4 = q 1 + 2q 2. The quey e 1 V 1 coesponds to the queies (in this case thee is only = 1 quey) a 1,..., a in Table I, and is the fist vecto of the standad basis of F ML/K q, i.e, e 1 only has enty 1 in the fist coodinate and 0 on all the othe coodinates. This scheme is pivate since fo any two seves the queies ae unifomly and independently distibuted. To etieve D 4, e 1 the use uses the following identity: D 4, q 4 = D 1, q 1 + 2 D 2, q 2 + 2 D, q. (1) 2 We denote the least common multiple of and K by lcm(, L).
With this we have one linea combination of W 1, the fist coodinate of W 1 1 +W 1 2. Repeating this lcm(, L) times, we obtain enough combinations to decode W 1. To etieve 1 unit of the message the use has to download 4 units. Theefoe, the ate of the PIR scheme is R = 1/4, which could have also been obtained fom Poposition 1. IV. THE REFIEMET LEMMA The ate of a one-shot scheme is independent of the numbe of messages. In this section, we show how to efine a one-shot scheme to obtain a bette ate fo the case of two messages. Analogous to V 1, we denote by V 2 = {b F ML/K q : i < L/K + 1 o i > 2L/K b i = 0} the subspace of queies which only quey the second message. Lemma 1 (The Refinement Lemma). Let Q be a one-shot scheme of co-dimension, with ate. Then, thee exists an (, K, T, 2)-PIR scheme, Q, with ate R Q = + >. Poof. We constuct Q in the following way. Seve 1 Seve Seve + 1 Seve a 1 a a +1 + b +1 a + b b 1 b TABLE III: Quey stuctue fo Q. The queies in Table III satisfy the following popeties: The queies a i V 1 and b i V 2. Each quey b i is chosen with distibution induced by the quey q i of the one-shot scheme Q. Any subset of size T of D 1, b 1,..., D, b is linealy independent 4. Fo i, a i is chosen with distibution identical to b i. Fo i >, a i is chosen such that the set of esponses D 1, a 1,..., D, a is linealy independent 4. Pivacy is inheited fom the one-shot scheme by andomizing the ode in which the queies to a seve ae sent. The following is also inheited fom the one-shot scheme: Fo i >, D i, b i is a linea combination of D 1, b 1,..., D, b. Thus, the use can etieve the linealy independent D 1, a 1,..., D, a. We now apply the efinement lemma to Example 1. Example 2. Conside Example 1 but with two messages. Applying the efinement lemma, we get the following scheme. Seve 1 Seve 2 Seve Seve 4 a 1 a 2 a a 4 + b 4 b 1 b 2 b TABLE IV: Quey stuctue of the efinement of Table II. The queies in Table IV satisfy the following popeties: The queies a i V 1 and b i V 2. A pobability distibution on F ML/K q induces a pobability distibution on V 2 F ML/K q. 4 Fo lage fields this occus with high pobability. The queies b 1 and b 2 ae unifomly and independently distibuted and ae linealy independent. We have b = b 1 + b 2 and b 4 = b 1 + 2b 2. The queies a 1 and a 2 ae unifomly and independently distibuted and ae linealy independent. We have a = a 1 + a 2 and a 4 = a 1 + a 2. Pivacy is inheited fom the one-shot scheme. To etieve D 4, a 4 we use the following identity (inheited fom (1) in the one-shot scheme): D 4, b 4 = D 1, b 1 + 2 D 2, b 2 + 2 D, b. The choice a 4 = a 1 + a 2 is done so that the set of esponses D 1, a 1,..., D 4, a 4 is linealy independent. As pe Lemma 1, the ate of this scheme is R = 4/7, lage than the ate of 1/4 in Example 1. Remak 1. The scheme in Example 1 is defined ove the field F. Howeve, the efinement of this scheme in Example 2 equies a lage field since we need the coefficient in a 4 = a 1 + a 2 so that the set { D 1, a 1,..., D 4, a 4 } is linealy independent. In ou schemes, we will assume that the base field is lage enough. V. THE LIFTIG THEOREM In this section, we pesent ou main esult in Theoem 1. We show how to extend, by means of a lifting opeation, the efined scheme on two messages to any numbe of messages. Infomally, the lifting opeation consists of two steps: a symmetization step, and a way of dealing with leftove queies that esult fom the symmetization. We also intoduce a symbolic matix epesentation fo PIR schemes which simplifies ou analysis. A. An Example of the Lifting Opeation We denote by V j = {b F ML/K q : i < (j 1)L/K + 1 o i > jl/k b i = 0}, the subspace of queies which only quey the j-th message. Definition 4. A k-quey is a sum of k queies, each belonging to a diffeent V j, j [M]. So, fo example, if a V 1, b V 2, and c V, then a is a 1-quey, a + b is a 2-quey, and a + b + c is a -quey. Conside the scheme in Example 2. We epesent the stuctue of this scheme by means of the following matix: S 2 = ( ). (2) Each column of S 2 coesponds to a seve. A 1 in column i epesents sending all possible combinations of 1-queies of evey message to seve i, and a 2 epesents sending all combinations of 2-queies of evey message to seve i. We call this matix the symbolic matix of the scheme. The co-dimension = tells us that fo evey = ones thee is = 1 twos in the symbolic matix. Given the intepetation above, the symbolic matix S 2 can be eadily applied to obtain the stuctue of a PIR scheme fo
any numbe of messages M. Fo M =, the stuctue is as follows. seve 1 seve 2 seve seve 4 a 1 a 2 a a 4 + b 4 b 1 b 2 b a 5 + c 4 c 1 c 2 c b 5 + c 5 TABLE V: Quey stuctue fo M = in Example 1 as implied by the symbolic matix in (2). The elationships between the queies in Table V is taken fom the one-shot scheme and satisfy the following popeties: The a i V 1, b i V 2, and c i V. The a s and b s ae chosen as in Example 2. The c s ae chosen analogously to the b s. The exta leftove tem b 5 + c 5 is chosen unifomly and independent and diffeent fom zeo. The scheme in Table V has ate 5/12. In this scheme, the ole of b 5 + c 5 is to achieve pivacy and does not contibute to the decoding pocess. In this sense, it can be seen as a leftove quey of the symmetization. By epeating the scheme = times, each one shifted to the left, so that the leftove queies appea in diffeent seves, we can apply the same idea in the one-shot scheme to the leftove queies, as shown in Table VI. Thus, we impove the ate fom 5/12 to 16/7. seve 1 seve 2 seve seve 4 a 1 a 2 a a 4 + b 4 b 1 b 2 b a 5 + c 4 c 1 c 2 c b 5 + c 5 a 7 a 8 a 9 + b 9 a 6 b 7 b 8 a 10 + c 9 b 6 c 7 c 8 b 10 + c 10 c 6 a 1 a 14 + b 14 a 11 a 12 b 1 a 15 + c 14 b 11 b 12 c 1 b 15 + c 15 c 11 c 12 a 16 + b 16 + c 16 TABLE VI: Quey stuctue fo the lifted scheme. The queies in Table VI satisfy the following popeties: The scheme is sepaated into fou ounds. In each of the fist thee ounds the queies behave as in Table V, but shifted to the left so that the leftove queies appea in diffeent seves. But now, b 16 + c 16, b 15 + c 15, b 10 + c 10, and b 5 + c 5 ae chosen analogously to the one-shot scheme. Moe pecisely, b 16 + c 16 and b 15 + c 15 ae unifomly and independently distibuted and ae linealy independent, and b 10 + c 10 = (b 16 + c 16 ) + (b 15 + c 15 ) b 5 + c 5 = (b 16 + c 16 ) + 2(b 15 + c 15 ). In this way, D 1, a 16 can be etieved using the following identity (analogous to Example 2): D 1, b 16 + c 16 = 2 D 2, b 15 + c 15 + 2 D, b 10 + c 10 D 1, b 5 + c 5 This scheme can be epesented by the following matix 5. S = The scheme fo M = messages was constucted ecusively using the one fo 2 messages. It is this ecusive opeation that we call lifting. The main idea behind the lifting opeation is that = enties with value k geneate = 1 enty with value k + 1 in the symbolic matix. Lifting S to S 4 follows the same pocedue: epeat S = times, each one shifted to the left, to poduce = 1 4-quey. As a esult, we obtain the following symbolic matix. S 4 = 4 The queies ae to be chosen analogously to the pevious examples which we descibe igoously in the next subsection. B. The Symbolic Matix and the Lifting Opeation Definition 5. Let Q be a one-shot scheme with co-dimension. A symbolic matix S M fo Q is defined ecusively as follows. {}}{{}}{ S 2 = ( 1,..., 1, 2,..., 2) () S M+1 = lift(s M ) (4) The lifting opeation is defined as, S M σ(s M ) lift(s M ) =., σ 1 (S M ) A whee σ(s M ) shifts the columns of S M to the left and A is a matix which we will descibe late in detail. Fomally, σ(s M )(i, j) = S M (i, j + 1) fo 1 j n 1 and σ(s M )(i, n) = S M (i, 1). Hee, σ(s M )(i, j) is the enty in the i-ow and j-th column of the matix σ(s M ). The matix A is constucted as follows: We fist define an odeing 6,, on (i, j) 2 by (i, j) (i, j ) if eithe i < i o i = i and j < j. 5 We omit zeos in ou symbolic matices. 6 This is known in the liteatue as a lexicogaphical ode.
Let B = {(i, j) : S M (i, j) = M} = {b 1,..., b #(M,SM )} such that i < j implies in b i b j, whee Define #(k, A) = {(i, j) [n] [m] : A ij = k}. τ(i, j) = { (i + ows(sm ), j 1) if j > 1, (i + ows(s M ), ) if j = 1, whee ows(s M ) is the numbe of ows in S M. Define the auxiliay sets B i = {b i, τ(b i ),..., τ 1 (b i )} and c(b i ) = {j : (i, j) B i ). Then, A is defined as { 0 if j c(bi ), A i,j = M + 1 if j / c(b i ). As an example, we show how S 4 in Section V-A is constucted in tems of S. In this case, = and the matix A consists of a single ow. S 4 = 4 S σ(s ) σ 2 (S ) Tanslation fom symbolic matix to PIR scheme. Each enty k of a symbolic matix S M epesents ( ) M k k-queies, one fo evey combination of k messages. The queies ae taken analogously to the queies in the one-shot scheme. This is done by making the queies epesented by B i = {b i, τ(b i ),..., τ 1 (b i )} to geneate the queies epesented by {(i, j) : A i,j = M + 1}. To find the ate of the lifted scheme we need to count the numbe of enties in the symbolic matix of a specific value. Poposition 2. Let S M be the symbolic matix of a one-shot scheme with co-dimension. Then, ( ) k 1 #(k, S M ) = 1 k M Poof. It follows fom the lifting opeation that #(k, S M ) = #(k 1, S M ) ( ) k 1 = #(1, S M ) ( ) k 1 =. A Theoem 1. Let Q be a one-shot scheme of co-dimension. Then, efining and lifting Q gives an (, K, T, M)-PIR scheme Q with ate R Q ( ) = M M = ( 1 ( ) M ). Poof. Given the one shot-scheme Q, we apply the efinement lemma to obtain a scheme with symbolic matix S 2 as in (). The scheme Q is defined as the one with symbolic matix S M = lift M 2 (S 2 ) as in (4). 7 Pivacy and coectness of the scheme follow diectly fom the pivacy and coectness of the one-shot scheme. ext, we calculate the ate R Q = L. Each enty k of Q 1 S M coesponds to ( M k ) k-queies, one fo each combination of k messages. Thus, using Poposition 2, M ( ) Q 1 M = #(k, S M ) k M ( ) k 1 ( ) M = k = M M To find L we need to count the queies which quey W 1. The numbe of k-queies which quey W 1 is ( k 1 ). Thus, M ( ) M 1 L = #(k, S M ) k 1 M ( ) k 1 ( ) M 1 = k 1 = Theefoe, R Q = ( ) M M. VI. REFIIG AD LIFTIG KOW SCHEMES In this section, we efine and lift known one-shot schemes fom the liteatue. We fist efine and lift the scheme descibed in Theoem of [15]. In ou notation, this scheme is a one-shot scheme with co-dimension = K +T K. Theoem 2. Refining and lifting the scheme pesented in Theoem of [15] gives an (, K, T, M)-PIR scheme Q with R Q = ( + T ).(K) (K) M (K + T ) M. (5) ext, we efine and lift the scheme in [12]. In ou notation, this scheme has co-dimension = K + T 1. Thus, we 7 The powe in the expession lift M 2 (S 2 ) denotes functional composition.
obtain the fist PIR scheme to achieve the ate conjectued to be optimal 8 in [12] fo MDS coded data with collusions. Theoem. Refining and lifting the scheme pesented in [12] gives an (, K, T, M)-PIR scheme, Q, with ( K T + 1) R Q = M (K + T 1) M = 1 K+T 1 1 ( ) K+T 1 M. (6) The ate of the scheme in Theoem 2 (5) is uppe bounded by the ate of the scheme in Theoem (6), with equality when eithe K = 1 o = K + T. ow, we conside the case of eplicated data (K = 1) on seves with at most T collusions. A T -theshold linea secet shaing scheme [17] can be tansfomed into the following one-shot PIR scheme. Seve 1... Seve T Seve T + 1... Seve q 1 q T q T +1 + a 1 q + a T [12] R. Feij-Hollanti, O. W. Gnilke, C. Hollanti, and D. A. Kapuk, Pivate infomation etieval fom coded databases with colluding seves, SIAM Jounal on Applied Algeba and Geomety, vol. 1, no. 1, pp. 647 664, 2017. [1] S. Kuma, E. Rosnes, and A. G. i Amat, Pivate infomation etieval in distibuted stoage systems using an abitay linea code, in Infomation Theoy (ISIT), 2017 IEEE Intenational Symposium on, pp. 1421 1425, IEEE, 2017. [14] K. Banawan and S. Ulukus, The capacity of pivate infomation etieval fom coded databases, axiv pepint axiv:1609.0818, 2016. [15] R. Tajeddine, O. W. Gnilke, and S. E. Rouayheb, Pivate infomation etieval fom mds coded data in distibuted stoage systems, IEEE Tansactions on Infomation Theoy, pp. 1 1, 2018. [16] H. Sun and S. A. Jafa, Pivate infomation etieval fom mds coded data with colluding seves: Settling a conjectue by feij-hollanti et al., IEEE Tansactions on Infomation Theoy, vol. 64, pp. 1000 1022, Feb 2018. [17] R. Came, I. B. Damgåd, and J. B. ielsen, Secue Multipaty Computation and Secet Shaing. Cambidge, England: Cambidge Univesity Pess, 2015. Theoem 4. Refining and lifting a T -theshold linea secet shaing scheme gives an (, 1, T, M)-PIR scheme Q with capacity-achieving ate ( T ) R Q = M T M. This scheme has the same capacity achieving ate as the scheme pesented in [5] but with less queies. REFERECES [1] B. Cho, O. Goldeich, E. Kushilevitz, and M. Sudan, Pivate infomation etieval, in IEEE Symposium on Foundations of Compute Science, pp. 41 50, 1995. [2] B. Cho, E. Kushilevitz, O. Goldeich, and M. Sudan, Pivate infomation etieval, Jounal of the ACM (JACM), vol. 45, no. 6, pp. 965 981, 1998. [] W. Gasach, A suvey on pivate infomation etieval, The Bulletin of the EATCS, vol. 82, no. 72-107, p. 1, 2004. [4] H. Sun and S. A. Jafa, The capacity of pivate infomation etieval, axiv pepint axiv:1602.0914, 2016. [5] H. Sun and S. A. Jafa, The capacity of obust pivate infomation etieval with colluding databases, axiv pepint axiv:1605.0065, 2016. [6] S. Yekhanin, Pivate infomation etieval, Communications of the ACM, vol. 5, no. 4, pp. 68 7, 2010. [7] A. Beimel and Y. Ishai, Infomation-theoetic pivate infomation etieval: A unified constuction, in Automata, Languages and Pogamming, pp. 912 926, Spinge, 2001. [8] A. Beimel, Y. Ishai, E. Kushilevitz, and J.-F. Raymond, Beaking the o(n 1/(2k 1) ) baie fo infomation-theoetic pivate infomation etieval, in The 4d Annual IEEE Symposium on Foundations of Compute Science, 2002. Poceedings., pp. 261 270, IEEE, 2002. [9]. Shah, K. Rashmi, and K. Ramchandan, One exta bit of download ensues pefectly pivate infomation etieval, in 2014 IEEE Intenational Symposium on Infomation Theoy, pp. 856 860, IEEE, 2014. [10] T. Chan, S.-W. Ho, and H. Yamamoto, Pivate infomation etieval fo coded stoage, in 2015 IEEE Intenational Symposium on Infomation Theoy (ISIT), pp. 2842 2846, IEEE, June 2015. [11] R. Tajeddine and S. El Rouayheb, Pivate infomation etieval fom mds coded data in distibuted stoage systems, in Infomation Theoy (ISIT), 2016 IEEE Intenational Symposium on, pp. 1411 1415, IEEE, 2016. 8 The optimality of the ate in (6) was dispoven in [16] fo some paametes. Fo the emaining ange of paametes, the PIR schemes obtained hee in Theoem, though efining and lifting, achieve the best ates known so fa in the liteatue.