Jump to content
  • Brave launches FrodoPIR, a privacy-focused database query system

    alf9872000

    • 340 views
    • 3 minutes
     Share


    • 340 views
    • 3 minutes

    Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries.

     

    Brave plans to use FrodoPIR in an upcoming leaked credentials checker built into the Brave browser to check usernames and passwords against known data dumps without disclosing the checked pairs to the server.

     

    The developers note that FrodoPIR was designed to be cost-effective and versatile in any use-case scenario, making it ideal for use in a broad range of data retrieval cases besides just checking credentials.

     

    Also, compared to existing solutions, Brave’s private database access proposal is more cost-effective, less complicated to implement, and easier to scale.

     

    comparison.png

    Comparison of FrodoPIR to other schemes used in the industry (Brave)

     

    As an example of its speed, for a database of 1 million 1KB elements, FrodoPIR requires less than a second to respond to client queries, has a server response size blow-up factor under 3.6x, and it costs just $1 to answer 100,000 client queries.

    How FrodoPIR works

    FrodoPIR’s functionality is broken down into two phases, an offline phase where preparatory work takes place and an online phase where the “hidden” query is made to the server.

     

    In the offline phase, the server interprets the database as a linear matrix, which reduces its size by about 170 times, and then applies compression and makes the results available as public parameters.

     

    The client downloads those parameters and computes sets of pre-processed queries.

     

    The client picks the proper query parameters in the online phase to produce an encrypted query vector.

     

    Upon receiving the query, the server multiplies it with its database matrix and responds with an answer that determines whether the query has a match in the database.

     

    Finally, the client receives the response and decrypts it using the same pre-processed query parameters for generating the private query.

     

    frodo-chart.png

    FrodoPIR functional diagram (Brave)

     

    “Each client query is a noisy vector that appears uniformly random to the server,” explains Brave.

     

    “The server never learns which value you are querying for, and yet it returns the correct answer (if it was included in the database or not).”

     

    Apart from the password checker, which is in the plans for Brave Browser, the post mentions that the FrodoPIR scheme could also be used for certificate transparency and revocation checks, streaming, and safe browsing.

     

    For more technical details about how FrodoPIR works, you can also check this paper published by the Brave Software team.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...