Brave Software has created FrodoPIR, a privacy-focused database query system that retrieves data from servers without revealing the contents of the queries to them.
Brave will use FrodoPIR to check usernames and passwords against known data dumps in an upcoming leaked-credentials checker. The Brave browser uses FrodoPIR to verify the pairs without sharing the information with the server.
According to the developers, FrodoPIR was designed to be both cost-effective and versatile. This makes it suitable for data retrieval in many cases beyond verifying credentials.
Brave’s private access solution is also more affordable than existing options, less difficult to implement, and easy to scale.
Comparison of FrodoPIR to other schemes used in the industry (Source: Brave)
FrodoPIR takes less than one second to reply to client queries for 1,000,000 1KB items. It has a server response time factor of under 3.6x and costs only $1 per 100,000 queries.
FrodoPIR: How it works
FrodoPIR’s operation can be broken into two phases: an offline phase, in which preparations are made, and an online phase, in which a “hidden query” is sent to the server.
In the offline phase, the server reads the database into a matrix, compresses it by a factor of approximately 170, and makes the resulting parameters available to the public.
The client downloads these parameters and uses them to compute pre-processed queries.
During the online phase, the client selects the appropriate query parameters and uses them to create an encrypted query vector.
The server receives the query and multiplies it by its database matrix. If the queried item is in the database, the response will contain the match.
Finally, the client receives the reply and decrypts it using the same query parameters that were used to generate the private query.
FrodoPIR functional diagram (Source: Brave)
Brave explained that each client query is a noisy vector that appears random to the server.
The server does not know which value you’re querying, but it will return the right answer if the data is in the database.
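The offline and online phases described above, as a toy Python round trip over a four-record database. This is an added example, not Brave's implementation: the function names, the tiny parameters (`N`, `Q`, `RHO`) and the sample records are assumptions chosen for illustration and provide no real security.

```python
import random
import secrets

Q = 2**32          # ciphertext modulus
RHO = 2**8         # plaintext modulus: every database entry is one byte
N = 16             # LWE dimension (toy value, far too small for real use)
DELTA = Q // RHO   # scaling factor that lifts the selected row above the noise

def matmul_vec(vec, mat):
    """Row vector times matrix, reduced mod Q."""
    return [sum(v * row[j] for v, row in zip(vec, mat)) % Q for j in range(len(mat[0]))]

def server_offline(db, seed):
    """Offline: derive the public matrix A (N x rows) from a seed, publish M = A*D."""
    rng = random.Random(seed)
    a = [[rng.randrange(Q) for _ in db] for _ in range(N)]
    return a, [matmul_vec(a_row, db) for a_row in a]

def client_preprocess(a, m):
    """Client samples secret s and noise e; (b, c) is a single-use pre-processed query."""
    s = [secrets.choice((-1, 0, 1)) for _ in range(N)]
    e = [secrets.choice((-1, 0, 1)) for _ in range(len(a[0]))]
    b = [(x + y) % Q for x, y in zip(matmul_vec(s, a), e)]
    return b, matmul_vec(s, m)

def client_query(b, index):
    """Online: add DELTA at the wanted row; masked by b, the vector looks random."""
    return [(x + DELTA) % Q if i == index else x for i, x in enumerate(b)]

def server_respond(query, db):
    """Server multiplies the noisy query vector by its database matrix."""
    return matmul_vec(query, db)

def client_decode(response, c):
    """Subtract the mask c = s*A*D, then round away the small noise term e*D."""
    return [((r - x) % Q + DELTA // 2) // DELTA % RHO for r, x in zip(response, c)]

def fetch(db, index, seed=2022):
    a, m = server_offline(db, seed)
    b, c = client_preprocess(a, m)
    return bytes(client_decode(server_respond(client_query(b, index), db), c))

# Constructed sample database: each row is one fixed-width 8-byte record.
DB = [list(rec) for rec in (b"alice:h1", b"bob:hh22", b"carol:h3", b"dave:hh4")]
```

Decoding works because the response minus `c` equals `DELTA` times the requested row plus the noise term, which stays far below `DELTA / 2` at these sizes.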
The post also mentions the Brave Browser password checker, which is currently in development. Beyond that, FrodoPIR could be used for certificate transparency, streaming, revocation checks and safe browsing.
by Brave Software provides more information about FrodoPIR’s operation.