Liang Feng Zhang

Pengzhen Ke, Yuxuan Qin, Liang Feng Zhang

Private Information Retrieval (PIR) allows clients to retrieve database entries without leaking retrieval indices, yet malicious servers seriously compromise retrieval correctness. Existing Authenticated PIR (APIR) schemes resist selective-failure attacks but rely on computational hardness assumptions. In contrast, information-theoretic PIR with Result Verification (itPIR-RV) achieves integrity without computational assumptions, yet only provides relaxed query privacy with no defense against selective-failure attacks. This paper focuses on unconditionally secure information-theoretic APIR (itAPIR) constructions. We propose the rigorous information-theoretic security definition for itAPIR with statistical privacy against selective-failure attacks and integrity as core properties, formalize the hierarchical relation between itAPIR and itPIR-RV as a relaxed variant with identical integrity but basic query privacy, and prove a conversion theorem that valid itPIR-RV schemes can be directly upgraded to secure itAPIR with no extra overhead. Our work bridges the theoretical gap, simplifies itAPIR design, and enables quantum-resistant PIR in malicious server environments.

Pengzhen Ke, Liang Feng Zhang, Huaxiong Wang et al.

Authenticated private information retrieval (APIR) is the state-of-the-art error-detecting private information retrieval (ED-PIR), using Distributed Point Functions (DPFs) for subpolynomial complexity and privacy. However, its finite field structure restricts it to prime-order DPFs, leading to prohibitively large key sizes under information-theoretic settings, while its dual-DPF-key design introduces unnecessary communication overhead, limiting its practicality for large-scale deployments. This paper proposes a novel ring-based information-theoretic ED-PIR (itED-PIR) scheme that overcomes these limitations by leveraging prime-power-order information-theoretic DPFs (itDPFs). Built over a prime-power ring, the proposed scheme breaks APIR's field-induced constraint to enable more efficient DPF utilization, significantly reducing key size growth and rendering the scheme feasible for high-security scenarios. Additionally, a single-itDPF-key design halves query-side communication overhead by eliminating APIR's redundant dual-key setup, without compromising privacy or verifiability. Beyond immediate efficiency gains, this work establishes a lightweight, flexible framework for constructing DPF-based malicious-resilient private information retrieval, opening new avenues for privacy-preserving data retrieval in distributed storage systems and post-quantum privacy protocols.

Jinyuan Li, Liang Feng Zhang

As machine learning as a service (MLaaS) gains increasing popularity, it raises two critical challenges: privacy and verifiability. For privacy, clients are reluctant to disclose sensitive private information to access MLaaS, while model providers must safeguard their proprietary models. For verifiability, clients lack reliable mechanisms to ensure that cloud servers execute model inference correctly. Decision trees are widely adopted in MLaaS due to their popularity, interpretability, and broad applicability in domains like medicine and finance. In this context, outsourcing decision tree evaluation (ODTE) enables both clients and model providers to offload their sensitive data and decision tree models to the cloud securely. However, existing ODTE schemes often fail to address both privacy and verifiability simultaneously. To bridge this gap, we propose $\sf PVODTE$, a novel two-server private and verifiable ODTE protocol that leverages homomorphic secret sharing and a MAC-based verification mechanism. $\sf PVODTE$ eliminates the need for server-to-server communication, enabling independent computation by each cloud server. This ``non-interactive'' setting addresses the latency and synchronization bottlenecks of prior arts, making it uniquely suitable for wide-area network (WAN) deployments. To our knowledge, $\sf PVODTE$ is the first two-server ODTE protocol that eliminates server-to-server communication. Furthermore, $\sf PVODTE$ achieves security against \emph{malicious} servers, where servers cannot learn anything about the client's input or the providers' decision tree models, and servers cannot alter the inference result without being detected.

Hang Deng, Liang Feng Zhang

A t-private n-server Information-Theoretic Distributed Point Function ((t,n)-ITDPF) allows one to convert any point function f_{alpha,beta}(x): [N] -> G into n shares (secret keys), such that each server can compute an additive share of f_{alpha,beta}(x) with a key while any <= t servers learn absolutely no information about the function. This paper constructs a novel share conversion based on the private information retrieval (PIR) of Ghasemi, Kopparty, and Sudan (STOC 2025) and proposes a perfectly secure 1-private ITDPF with output group G = Z_p, where p can be any prime. Compared with the existing perfectly secure ITDPFs for the same output group, the proposed ITDPF is more efficient with asymptotically shorter secret keys.

Pengzhen Ke, Liang Feng Zhang, Huaxiong Wang et al.

Private Information Retrieval (PIR) is a privacy-preserving primitive in cryptography. Significant endeavors have been made to address the variant of PIR concerning the malicious servers. Among those endeavors, list-decodable Byzantine robust PIR schemes may tolerate a majority of malicious responding servers that provide incorrect answers. In this paper, we propose two perfect list-decodable BRPIR schemes. Our schemes are the first ones that can simultaneously handle a majority of malicious responding servers, achieve a communication complexity of $o(n^{1/2})$ for a database of size n, and provide a nontrivial estimation on the list sizes. Compared with the existing solutions, our schemes attain lower communication complexity, higher byzantine tolerance, and smaller list size.

Lin Zhu, Wen Ming Li, Liang Feng Zhang

A $k$-query locally decodable code (LDC) $C$ allows one to encode any $n$-symbol message $x$ as a codeword $C(x)$ of $N$ symbols such that each symbol of $x$ can be recovered by looking at $k$ symbols of $C(x)$, even if a constant fraction of $C(x)$ have been corrupted. Currently, the best known LDCs are matching vector codes (MVCs). A modulus $m=p_1^{α_1}p_2^{α_2}\cdots p_r^{α_r}$ may result in an MVC with $k\leq 2^r$ and $N=\exp(\exp(O((\log n)^{1-1/r} (\log\log n)^{1/r})))$. The $m$ is {\em good} if it is possible to have $k<2^r$. The good numbers yield more efficient MVCs. Prior to this work, there are only {\em finitely many} good numbers. All of them were obtained via computer search and have the form $m=p_1p_2$. In this paper, we study good numbers of the form $m=p_1^{α_1}p_2^{α_2}$. We show that if $m=p_1^{α_1}p_2^{α_2}$ is good, then any multiple of $m$ of the form $p_1^{β_1}p_2^{β_2}$ must be good as well. Given a good number $m=p_1^{α_1}p_2^{α_2}$, we show an explicit method of obtaining smaller good numbers that have the same prime divisors. Our approach yields {\em infinitely many} new good numbers.

Yan He, Liang Feng Zhang

The problem of securely outsourcing computation to cloud servers has attracted a large amount of attention in recent years. The verifiable computation of Gennaro, Gentry, Parno (Crypto'10) allows a client to verify the server's computation of a function with substantially less time than performing the outsourced computation from scratch. In a multi-function model (Parno, Raykova, Vaikuntanathan; TCC'12) of verifiable computation, the process of encoding function and the process of preparing input are decoupled such that any client can freely submit a computation request on its input, without having to generate an encoding of the function in advance. In this paper, we propose a multi-matrix verifiable computation scheme that allows the secure outsourcing of the matrix functions over a finite field. Our scheme is outsourceable. When it is used to outsource $m$ linear functions, the scheme is roughly $m$ times faster and has less communication cost than the previously best known scheme by Fiore and Gennaro (CCS'12), both in the client-side computation and in the server-side computation. We also show the cost saving with detailed implementations.

Liang Feng Zhang

Outsourcing computation has gained significant popularity in recent years due to the prevalence of cloud computing. There are two main security concerns in outsourcing computation: how to guarantee the cloud server performs the computation correctly and how to keep the client's data secret. The {\em single-server verifiable computation} (SSVC) of Gennaro, Gentry and Parno (Crypto'10) enables a client to delegate the computation of a function $f$ on any input $x$ with both concerns highly relieved, but only results in {\em computationally secure} schemes that {\em lack practical efficiency}. While the SSVC schemes use a single server, in this paper we develop a {\em multi-server verifiable computation} (MSVC) model where the client shares both $f$ and $x$ among multiple servers, each server performs a set of computations on its shares, and finally the client reconstructs $f(x)$ from all servers' results. In this MSVC model we propose a generic construction for outsourcing computations of the form $F{\bf x}$, where $F$ is a matrix and $\bf x$ is a vector. Our generic construction achieves {\em information-theoretic security, input privacy} and {\em function privacy}. By optimizing the parameters, we obtain both a 3-server scheme,which uses the least number of servers, and a 4-server scheme, which incurs the least workload. By decomposing many polynomial computations as a two-stage computation, where the first-stage has the form $F{\bf x}$ and the second-stage is fast, and delegating the first-stage computation, we obtain MSVC schemes for these polynomials. We implement our MSVC schemes and show that they are among the most {\em practical} ones to date.

Xin Chen, Liang Feng Zhang

Catalano and Fiore propose a scheme to transform a linearly-homomorphic encryption into a homomorphic encryption scheme capable of evaluating quadratic computations on ciphertexts. Their scheme is based on the linearly-homomorphic encryption (such as Goldwasser-Micali, Paillier and ElGamal) and need to perform large integer operation on servers. Then, their scheme have numerous computations on the servers. At the same time, their scheme cannot verify the computations and cannot evaluate more than degree-4 computations. To solve these problems, we no longer use linearly-homomorphic encryption which based on number theory assumptions. We use label and pseudorandom function to encrypt message, which significantly reduce the computations on the servers and enable us to use homomorphic MACs technology to realize verifiable computations naturally. We also extend the method to construct $d$-server schemes, which allow the client to delegate degree-$d$ computations on outsourced data.

Xin Chen, Liang Feng Zhang

Homomorphic secret sharing (HSS) allows multiple input clients to secret-share their data among multiple servers such that each server is able to locally compute a function on its shares to obtain a partial result and all partial results enable the reconstruction of the function's value on the outsourced data by an output client. The existing HSS schemes for {\em high-degree} polynomials either {\em require a large number of servers} or {\em lack verifiability}, which is essential for ensuring the correctness of the outsourced computations. In this paper, we propose a two-server verifiable HSS (VHSS) model and construct a scheme that supports the computation of high-degree polynomials. The degree of the outsourced polynomials can be as high as a polynomial in the system's security parameter. Despite of using only 2 servers, our VHSS ensures that each single server learns no information about the outsourced data and no single server is able to persuade the client to output a wrong function value. Our VHSS is significantly more efficient. When computing degree-7 polynomials, our scheme could be 3-10 times faster than the previously best construction.

Liang Feng Zhang, Rehanehi Safavi-Naini

{\em Verifiable computation} (VC) allows a computationally weak client to outsource the evaluation of a function on many inputs to a powerful but untrusted server. The client invests a large amount of off-line computation and gives an encoding of its function to the server. The server returns both an evaluation of the function on the client's input and a proof such that the client can verify the evaluation using substantially less effort than doing the evaluation on its own. We consider how to privately outsource computations using {\em privacy preserving} VC schemes whose executions reveal no information on the client's input or function to the server. We construct VC schemes with {\em input privacy} for univariate polynomial evaluation and matrix multiplication and then extend them such that the {\em function privacy} is also achieved. Our tool is the recently developed {mutilinear maps}. The proposed VC schemes can be used in outsourcing {private information retrieval (PIR)}.

Yeow Meng Chee, Huaxiong Wang, Liang Feng Zhang

Extended private information retrieval (EPIR) was defined by \cite{BCPT07} at CANS'07 and generalized by \cite{BC09} at AFRICACRYPT'09. In the generalized setting, EPIR allows a user to evaluate a function on a database block such that the database can learn neither which function has been evaluated nor on which block the function has been evaluated and the user learns no more information on the database blocks except for the expected result. An EPIR protocol for evaluating polynomials over a finite field $L$ was proposed by Bringer and Chabanne in \cite{BC09}. We show that the protocol does not satisfy the correctness requirement as they have claimed. In particular, we show that it does not give the user the expected result with large probability if one of the coefficients of the polynomial to be evaluated is primitive in $L$ and the others belong to the prime subfield of $L$.