Efficient Consistency Proofs on a Committed Database

A consistent query protocol allows a database owner to publish a very short string c which commits her to a particular database D with special consistency property (i.e., given c, every allowable query has unique and well-defined answer with respect to D.) Moreover, when a user makes a query, any server hosting the database can answer the query, and provide a very short proof P that the answer is well-defined, unique, and consistent with c (and hence with D). One potential application of consistent query protocols is for guaranteeing the consistency of many replicated copies of D---the owner can publish c, and users can verify the consistency of a query to some copy of D by making sure P is consistent with c. This strong guarantee holds even for owners who try to cheat, while creating c. The task of consistent query protocols was originally proposed for membership queries by Micali and Rabin, and subsequently and independently, by Kilian. In this setting a server can prove to a client whether or not a given key is present or not in a database, based only on a short public commitment c. We strengthen their results in several ways. For membership queries, we improve the communication complexity; more importantly, we provide protocols for more general types of queries and more general relational databases. For example, we consider databases in which entries have several keys and where we allow range queries (e.g. we allow a client to ask for all entries within a certain age range and a certain salary range). Towards this goal, we introduce query algorithms with certain inherent robustness properties---called data-robust algorithms---and show how this robustness can be achieved. In particular, we illustrate our general technique by constructing an efficient data-robust algorithm for proving consistency of orthogonal range queries (a particular case of a ``join''query). The server's proof convinces the client not only that all the matching entries provided are in D, but also that no others are present. Our guarantees hold even if the answer is the empty set. In the case of one-dimensional range queries we also show a new data-hiding technique---called explicit hashing---which allows us to a execute consistent query protocol P and at the same time protect the privacy of all other information in the database efficiently. In particular, we avoid the NP reductions required in a generic zero-knowledge proof.