1
1
1
2
1
2
!
" "#
" $
% " !"
" "
"
!"
# !
$!"%" &
!% ! !!
' % ! !
! ( %!&
(! %
!
# )( *) ( +
, - ! !- ./01
.01,$)( $!2.31(
4
n
&x
=
x1x2
· · ·
x
n
x
4 !!&
! !)(5
4!
,6!)()((&
!./71 # )(
4"! &
*+ ! #
)( ,
"!
O
(
n
)
O
(log
n
)
!")( ! .31 &
"!
O
(
n
)
$O
(
n
)
, 8
9
!
%! )(
9!,
.:1 "!
O
(
n
log log
ω/ω
log
ω
)
ω
, &%
! 9&
!!"!,
; ./31 "!
O
(
κ
log
2
n
)
O
(
κ
log
n
)
!κ
!!
#!)( &
"! # " )(
*+ .<1 "
*+
Ω
(
n
)
!! )( ! !, "
,.=71 9!
8 !
"
,&./< />1( ,
? !!@!
@ !
O
(1)
A% 4 !
k
(
k << n
)
"@
O
(
n
log
n
)
&$ 7/(7<
O
(log
n
)
"!,&5*/+
)(./<1
'*=+#"
)( 5
Ω
"f
(
n
) =
Ω
(
g
(
n
))
!
c
n
0
0
≤
cg
(
n
)
≤
f
(
n
)
O
(log
n
)
"!O
(1)
O
(
n
)
@'*:+"!
!
O
(
n/k
)
& )(
k
*k << n
+"!
π
n
5
(1
,
2
,
· · ·
, n
)
1
≤
i
≤
n
i
π
!π
(
i
)
#
D
! !D
= [
d1, d2,
· · ·
d
n
]
d
i
i
&1
≤
i
≤
n
#D
π
!
D
π
i
&!D
π
[
i
]
1
≤
i
≤
n
,D
D
π
!π
!i
D
π
π
(
i
)
D
D
π
[
i
] =
d
π
(
i
)
*/+(
D
π
=
π
−
1
(
D
)
, !
π
! ! (
D
π
[
i
]
d
π
(
i
)
D
π
[
i
]
"d
π
(
i
)
," ;
π
= (1324)
π
(1) = 3
, π
(2) =
4
, π
(3) = 2
, π
(4) = 1
,D
= [
d1, d2, d3, d4
]
D
π
[
d3, d4, d2, d1
]
, "
!
D
D
π
#/ &)(
! 5 '
! , !
D
= [
d
1
,
· · ·
, d
n
]
n
&
@
D
D
π
π
'π
%
B ;
i
&D
!q
8
q
D
π
d
i
, !-q
=
i
-!
q
i
&D
!!-" *+- "
D
!!-"*+- "@
I/O
Server
Trusted Hardware
...
2
n
1
Database
shuffled database
i
i
d
Secure Channel
User
D
π
D
Host
Initial shuffle
Retrieval
( "
! "
)( A
"(
k
*k << n
+ ,! !
Γ
(Γ
2)#& *
2)" #+ ! ! !C!
!
5 # .//1 $
A
= (
a1,
· · ·
, a
N
)
a
i
i
&
i
∈
[1
, N
]
!! !!(
5 &&
% )&
A ! ,
! D &
! !
5 # !
" !
, ! !
!' !
!8 ! !
5 8 ! ! 8#D
.//1 )( !" #
! " #
q
$
A
! $ #%
j
&!#'() $$!Pr(
q
=
j
|A
) = Pr(
q
=
j
)
,
j
∈
[1
, n
]
.
,
A
!!
q
%,/
1
k
! ÌÀD
(
d
1
, d
2
,
· · ·
, d
n
)
π
0
, π
1
,
· · ·
23n
{
1
,
2
,
· · ·
, n}
D
π
s
2D
π
s
D
π
s
[
j
]
d
π
s
(j)
1
≤
j
≤
n
"D
π
s
[
j
]
j
D
π
s
a
i
ÌÀi
4A
(
a
1
,
· · ·
, a
N
)
5!
A
s
s
5 )
Γ
ÌÀ6
!*,,)+ &
4!,,,)!4
!@ ,,)
3
,,)!
π
0
!sk
0
( &D
D
π
0
!sk
0
D
π
0
[
j
]
d
π
0
(
j
)
j
∈
[1
, n
]
D
π
0
,,)!π0
sk
0
!4, )( B!
k
!"&
s
&s
≥
0
π
s
,
D
π
s
sk
s
!!!8
!
D
π
s
!,
#/#
k
" &π
s
+1
!!sk
s
+1
(@D
π
s
D
π
s
+1
! !π
s
+1
sk
s
+1
A !@
D
π
s
+1
! !sk
s
+1
,@ #=
,
D
!!!!!&
!
, !
9! !!,
* +
!
!
d
i
D
s
&*s
≥
0
+8 !"i
5(
d
i
%D
π
s
!"π
−
1
s
(
i
)
(
D
π
s
,=
d
i
D
π
s
7ÌÀ 3 3!
i
&
i /
∈
Γ
) ÌÀπ
−
1
s
(
i
)
D
π
s
d
i
8/
Γ
=
Γ
∪ {
i
}
8 0- ÌÀ !
j
j
∈
R
{
1
,
· · ·
, n
} \
Γ
9 ÌÀπ
−
1
s
(
j
)
D
π
s
d
j
8:
Γ
=
Γ
∪ {
j
}
8 ;ÌÀd
i
< 2
,
A
s
! # /D
π
s
s
&(= ! "!
D
π
s
,s
&A
s
"!k
====#
#
k
% @A!&
!",
!
! , @
"
$ !
π
s
+1
, "D
π
s
+1
$D
π
s
+1
[
j
]
d
π
s
+1
(
j
)
j
∈
[1
, n
]
,D
π
s
D
π
s
+1
D
π
s
+1
[
j
]
D
π
s
[
π
s
−
1
◦
π
s
+1
(
j
)]
,
*=+1
≤
j
≤
n
π
−
1
s
◦
π
s
+1
(
j
)
π
−
1
s
(
π
s
+1
(
j
))
, @
%
D
π
s
+1
&
D
π
s
!" "&
, @ &
& ! 5 */+
&4
D
π
s
+1
'*=+C!
π
s
+1
$
Γ
π
−
1
s
+1
(D
π
s
+1
!D
π
s
+1
[1]
$
n
−
k
!'
k
!,4
D
π
s
+1
[
j
]
j
∈
[1
, n
]
, *
π
s
+1
(
j
)
∈
Γ
+5*
D
π
s
[
π
−
s
1
◦
π
s
+1
(
j
)]
+D
π
s
D
π
s
+1
D
π
s
+1
[
j
]
, *
π
s
+1
(
j
)
∈
Γ
+5D
π
s
[
π
s
−
1
◦
π
s
+1
(
j
)]
D
π
s
+1
D
π
s
+1
[
j
]
5*+
2*+ !
π
s
+1
'*+D !
D
π
s
" 42*+(
D
π
s
Γ
!k
@, $
Γ
π
s
+1
(
j
)
∈
Γ
O
(1)
'8O
(
k
)
O
(
nk
)
, @ :
min
Γ
sortedel
(
i
)
Csortins
(
i
)
+42
D
π
s
D
π
s
+1
ÌÀ7 "
π
s+1
8&
Γ
π
−
1
s+1
j
= 1;
j
= 1
)
1
≤
j
≤
n
−
k
/π
s+1
(
j
)
∈
Γ
j
=
j
+ 1
8
0
r
=
π
−
1
s
◦
π
s+1
(
j
)
8D
π
s
[
r
]
D
π
s
8-
j
=
j
∗
πs
+1(
j
)
∈
/
Γ
∗
9 "
D
π
s
+1
D
π
s
+1
[
j
]
D
π
s
[
r
]
8:
∗
πs
+1(
j
)
∈
Γ
∗
; "
D
π
s
+1
D
π
s
+1
[
j
]
d
min
87>
sortedel(
j
)
8D
π
s
[
r
]
sorteins(
j
)
8
77
j
=
j
+ 1
8j
=
j
+ 1
8
7&?"@8
7)
n
−
k
+ 1
≤
j
≤
n
7/D
π
s
+1
[
j
] =
d
min
8sortdel
(
j
)
870
j
=
j
+ 1
8 7-d
min
!D
π
s
[
π
−
s
1
◦
π
s+1
(
j
)]
D
π
s
+1
5
,@?#"
! # @
( &
!@8!
! !
!A
"
n
−
1
j
Γ
,!
n
" , "!
#=
O
(
n
)
, !# = &
!
R
s
!n
−
k
R
s
"!n
−
k
A$"
!/
n
!4 !
$ =8!;/
9,,/
! !
!
*"+",+"
"
s
! "j
∈
[1
, n
]
!Pr(
D
π
s
[
j
] =
d
l
|A
0,
R
0,
· · ·
,
A
s
−
1,
R
s
−
1
) = 1
/n,
*:+
l
∈
[1
, n
]
!A
i
R
i
!i
∈
[0
, s
−
1]
! $ *$i
$; / $"
j
! "s
,
j
∈
[1
, n
]
Áº
s
= 0
D
π
0
@π
0
!Pr(
D
π
0
[
j
] =
d
l
| ∅
) = 1
/n
1
≤
l
≤
n
ÁÁº
s
=
i
Pr(
D
π
i
[
j
] =
d
l
|A
0,
R
0,
· · ·
,
A
i
−
1,
R
i
−
1
) =
1
/n
s
=
i
+ 1
Pr(
D
π
i
+1
[
j
] =
d
l
|A
1,
R
1,
· · ·
,
A
i
,
R
i
) = 1
/n,
*<+l
∈
[1
, n
]
(
D
π
i
+1
D
π
i
!!Pr(
D
π
i
+1
[
j
] =
d
l
|A
1,
R
1,
· · ·
,
A
i
,
R
i
)
=
n
x
=1
Pr(
D
π
i
+1
[
j
] =
D
π
i
[
x
]
|A
1,
R
1,
· · ·
,
A
i
,
R
i
)
·
Pr(
D
π
i
[
x
] =
d
l
|A
1,
R
1,
· · ·
,
A
i
,
R
i
)
.
*>+
,
l
x
,!
1
/n
!! $
p
x
q
x
!p
x
= Pr(
D
π
i
+1
[
j
] =
D
π
i
[
x
]
|A
1,
R
1,
· · ·
,
A
i
,
R
i
)
,
q
x
= Pr(
D
π
i
[
x
] =
d
l
|A
1,
R
1,
· · ·
,
A
i
,
R
i
)
.
,6
n
x
=1
$
X
=
{
x
|
x
∈
[1
, n
]
, π
i
(
x
)
∈
Γ
}
Y
=
{
x
|
x
∈
[1
, n
]
, π
i
(
x
)
∈
/
Γ
}
A
|
X
|
=
|
Γ
|
=
k
|
Y
|
=
n
−
k
X
∪
Y
= [1
, n
]
,n
x
=1
p
x
q
x
=
x
∈
X
p
x
q
x
+
x
∈
Y
p
x
q
x
.
*E+! 96
D
π
i
%
D
π
i
X
!&
D
π
i
+1
8D
π
i
Y
! ! &4
D
π
i
D!$ @ $
k
+ 1
D
π
i
+1
, !x
∈
X
p
x
= Pr(
π
i
+1
(
j
) =
π
i
(
x
)) = 1
/n
*F+p
x
x
∈
Y
2 !x
∈
Y
p
x
= 1
−
x
∈
X
p
x
= (
n
−
k
)
/n.
*0+,
q
x
! " !
, ;
C
i
&1
≤
l
≤
n
52*/+
l
∈ C
5x
∈
X
q
x
= 1
!%"! !
d
l
x
∈
Y
q
x
= 0
,n
x
=1
p
x
q
x
= 1
/n
+ 0 = 1
/n,
l
∈ C
.
*/7+2*=+
l /
∈ C
5x
∈
X
q
x
=
δ
0
≤
δ
≤
1
x
∈
Y
q
x
= 1
−
δ
A " 9 !%&!, !
5
Pr(
D
π
i
[
x
] =
d
l
| A
0,
R
0,
· · ·
,
A
i
−
1,
R
i
−
1
) = 1
/n
l
∈
[1
, n
]
q
x
=
1
−
δ
n
−
k
!
n
x
=1
p
x
q
x
=
δ/n
+ (1
−
δ
)
/n
= 1
/n.
*//+
$ "
x
0
, x
1
∈
Y
q
x
0
=
q
x
1
Pr(
D
π
i
[
x
0
] =
d
l
)
= Pr(
D
π
i
[
x
1
] =
d
l
)
"d /
∈ C
22/2=
n
x
=1
p
x
q
x
= 1
/n,
1
≤
l
≤
n,
;/@
,
, / !
)(
- $! $
A
=
(
a
1
, a
2
,
· · ·
, a
N
)
!N >
0
! $ ."#
q
!j
∈
[1
, n
]
!Pr(
q
=
j
|A
) = Pr(
q
=
j
)
*/=+Pr(
q
=
j
)
$$ #q
" %j
1
< t
≤
N
Pr(
a
t
|
a1,
· · ·
, a
t
−
1
)
!
a
t
!t
−
1
;
Pr(
a
t
|
a
1
,
· · ·
, a
t
−
1
;
q
=
j
)
!" !
q
j
A! !
q
t
& !
Pr(
a
t
|
a1,
· · ·
, a
t
−
1
) = Pr(
a
t
|
a1,
· · ·
, a
t
−
1
;
q
=
j
)
*/:+!
a
t
D
π
s
s
&25
/
a
t
∈ R
s
a
t
@ 5 8!Pr(
a
t
|
a1,
· · ·
, a
t
−
1
) = Pr(
a
t
|
a1,
· · ·
, a
t
−
1
;
q
=
j
)
a
t
!!π
s
π
s
+1
=
a
t
∈ A
s
a
t
!5; !l
&!
l
∈
[1
, k
]
,l
−
1
!a
t
#/5*+ , 5
a
t
!,
Pr(
a
t
|
a1,
· · ·
, a
t
−
1
) =
1
n
−
(
l
−
1)
*+ , 5
a
t
D
π
s
π
s
# ; / !a
t
1
n
−
(
l
−
1)
A !
q
=
j
!!
a
t
*=+*=+ APr(
a
t
|
a
1
,
· · ·
, a
t
−
1
)
1
n
−
(
l
−
1)
,Pr(
a
t
|
a
1
,
· · ·
, a
t
−
1
) = Pr(
a
t
|
a
1
,
· · ·
, a
t
−
1
, q
=
( !
t
q
=
j
Pr(
a
t
|
a
1
,
· · ·
, a
t
−
1
) = Pr(
a
t
|
a
1
,
· · ·
, a
t
−
1
;
q
=
j
)
.
#
Pr(
A |
q
=
j
) = Pr(
a1,
· · ·
, a
N
|
q
=
j
)
= Pr(
a
N
|
a1,
· · ·
, a
N
−
1
;
q
=
j
)
·
Pr(
a1,
· · ·
, a
t
−
1
|
q
=
j
)
=
N
t
=1
Pr(
a
t
|
a
1
,
· · ·
, a
t
−
1
;
q
=
j
)
=
N
t
=1
Pr(
a
t
|
a1,
· · ·
, a
t
−
1
)
= Pr(
A
)
.
*/<+,
Pr(
q
=
j
|A
) = Pr(
q
=
j,
A
)
/
Pr(
A
)
=
Pr(
A |
q
=
j
)
·
Pr(
q
=
j
)
Pr(
A
)
= Pr(
q
=
j
)
.
, &!
! &! !
)(
!4 "!
)(,!4
n
&" &
)(
/C! !
( !"
"! , "!
!
O
(log
n
)
AO
(log
n
)
)(
$/! !
! ,
! !
"" @@
#=:
O
(1)
A AA ( "
!
"
k
#$% #$& #$&$
O
(
n
)
O
(1)
O
(
n/k
)
>/,7/70.O
(
n
log
n
)
O
(1)
O
(
n
k
log
n
)
>7,&>.
O
(
kn
)
O
(
n
)
O
(
n
)
'#
O
(
n
) +
O
(
k
log
k
)
" 3T
"k
log
k
!
O
(
n
log
n
) +
O
(
n
) +
O
(
k
log
k
)
"O
(
n
)(+
O
(
k
log
k
))
T
¯
,7/.k
log
k
T
O
(
n
log
n
)
" 4"
8 &)(
, @
4 % ? D
&)( !
84
+
"%
k
! " $ $
Ω
(
n/k
)
8 .<1
)(
" )(
B
i
d
i
B
i
! !! !
d
i
!2 ! B
(
|
B
i
|
)
" ! !"i
B(
|
B
i
|
)
)(
1
≤
l
≤
n
Pr(
l
∈
B
i
)
!d
l
!"i
$ )(
l
)
"1
≤
i
≤
n
)
(
l
) = max
1
≤
i
≤
n
{
Pr(
l
∈
B
i
)
}
.
A &! )( !&
B1, B2,
· · ·
, B
n
, &
;>.<1
B
(
|
B
i
|
) =
n
l
=1
)
(
l
)
.
*/>+8B
(
|
B
i
|
) =
Ω
(
n/k
)
!)
(1)
,
· · ·
,
)(
n
)
"k
+ 1
1
/
(
k
+1)
!k
+1
)(1)
,
)(2)
,
· · ·
,
)(
k
+1)
A!Pr(1
∈
/
B1
∩
2
∈
/
B2
· · ·∩
(
k
+ 1)
∈
/
B
k
+1
)
Pr(1
∈
/
B1
∩
2
∈
/
B2
· · · ∩
(
k
+ 1)
∈
/
B
k
+1
)
= 1
−
Pr(1
∈
B1
∪
2
∈
B2
· · · ∪
(
k
+ 1)
∈
B
k
+1
)
≥
1
−
k
+1
l
=1
Pr(
l
∈
B
l
) = 1
−
k
+1
l
=1
)
(
l
)
>
1
−
(
k
+ 1)
1
k
+ 1
= 0
.
8 !
k
" #! "
k
+ 1
1
,
2
,
· · ·
, k
+ 1
,1
∈
/
B1
∩
2
∈
/
B2
· · ·∩
(
k
+1)
∈
/
B
k
+1
Pr(1
∈
/
B1
∩
2
∈
/
B2
· · ·∩
(
k
+1)
∈
/
B
k
+1
) = 0
!,
k
{
)(1)
,
· · ·
,
)(
n
)
}
1
/
(
k
+ 1)
#n
l
=1
)
(
l
)
≥
(
n
−
k
)
·
1
k
+ 1
,
*/3+
Ω
(
n/k
)
!" ÌÀ
!" 4
$
π
0
1
≤
i
≤
n
i
&d
i
"π
−
1
0
(
i
)
G&.F1
d1, d2,
· · ·
, d
n
!4 %&./1
(log
2
n
−
log
n
+4)
n/
4
−
1
8!H.==1 I % ./=1
G! ! $
n
log
n
& *>> k
+! !A !
# " < , "
<
d1, d2, d3, d4
,π0
= (1324)
π0
(1) = 3
, π0
(2) =
4
, π0
(3) = 2
π0
(4) = 1
,! # 4
# ! ( ! ! %
1
||
3
d
1
||
3
d
3
||
2
d
4
||
1
d
1
||
3
d
3
||
2
d
2
||
4
d
1
d
2
d
3
d
4
d
1
||
3
d
2
||
4
d
4
||
1
d
d
2
||
3
2
||
4
d
4
||
1
d
3
||
2
d
2
||
4
d
4
||
1
d
tag
merge 1 by 1 to
length 2
merge 2 by 2 to length 4
'4!
# $% &"
# ! < &
!! 8 !
! " !8 !
=!
, !
k
"" "!! 9
! 9,
!!2)#*2)"#+
( 2)# ! #B
!! "
&
)( !
O
(
n
log
n
)
4#
&
2)# &
2)# #B &
& &
! !
n
= 2
log
n
( !
2
log
n
≤
2
n
" ! =
!% .>1
!$
'
, @ ,
@ &
O
(
n
)
#!!
& (
"
!
k/
2
2 !!% #%
# ! @ ,
d
i
d
i
!!,
d
i
%@,
d
i
! ! !
(! )(
,)(!,
9
!
&)( "&
!
O
(log
n
)
("! ?"(
!
O
(1)
! !O
(
n/k
)
!
O
(log
n
)
*&
O
/+O
(
n/k
)
)(
, , 2 I *,2I+ .=/1 $ , 2&
)*,2)+$&
")(
(# % % '"
, ,2)
, ) D *,)D+ ,)D !
!,)D( ,)D&
! #!
#D! ,)D
!
( ,2I&
,)D (%;I,!*;,+./:1 " 2)G
!!
"!&
!
, !
)(
7 BC D " #
)>9E)7/7;-:
& D 2++"1
#C F1A
7/-&&-E/0D 7;;:
) 2DGCBHI% J D #
o
(
n
1/(2k
−
1)
)
&-7E&9>CCCA &>>&
/ 2DG #
K " 00E9)
&>>>
0 I D# " A " 5 D
!&&97" #
77/E7)> &>>&
- DA CBH$L
/7E0>7;;0
9 DA CBH$L
$/0-K;-0E;:77;;:
: ( A A C F F A*
2 C D1>&-&>)&; )9
; I % C K$ #
" M (A'
&7:" # /99E/:: 7;:0
7> 'L 2 % & %
' % AA!
A:&&>>/
7& IFL 'FH$ "" #
" #CCC C A 7-0
-)9-/77;-9
7) FL + % &>>)
7/ 2! "
" ()%7;;E&7/
&>>/
70 2! ' "
''' * +)&K&>E&:&>>0
7- ( F2 "3
INI FH (+%D
)-0> " # )7/E)&: &>>0
79 FA #*("
$79&K)9)E):-7;::
7: I3 F #*K9
2
n(1
−
)
+
D &9&;" #
07)E0&; &>>)
7; F F 2 F + H $#
&> ' + * "
&$/>)K-:)E-;0&>>7
&7 AL 5 2 $ " 2
KOO"""
