Single-Server Private Linear Transformation: The Joint Privacy Case
This paper introduces the problem of Private Linear Transformation (PLT) which generalizes the problems of private information retrieval and private linear computation. The PLT problem includes one or more remote server(s) storing (identical copies of) K messages and a user who wants to compute L independent linear combinations of a D-subset of messages. The objective of the user is to perform the computation by downloading minimum possible amount of information from the server(s), while protecting the identities of the D messages required for the computation. In this work, we focus on the single-server setting of the PLT problem when the identities of the D messages required for the computation must be protected jointly. We consider two different models, depending on whether the coefficient matrix of the required L linear combinations generates a Maximum Distance Separable (MDS) code. We prove that the capacity for both models is given by L/(K-D+L), where the capacity is defined as the supremum of all achievable download rates. Our converse proofs are based on linear-algebraic and information-theoretic arguments that establish connections between PLT schemes and linear codes. We also present an achievability scheme for each of the models being considered.
READ FULL TEXT