94,270 research outputs found
The Communication Complexity of Private Simultaneous Messages, Revisited
Private Simultaneous Message (PSM) protocols were introduced by Feige, Kilian and Naor (STOC \u2794) as a minimal non-interactive model for information-theoretic three-party secure computation. While it is known that every function admits a PSM protocol with exponential communication of (Beimel et al., TCC \u2714), the best known (non-explicit) lower-bound is bits. To prove this lower-bound, FKN identified a set of simple requirements, showed that any function that satisfies these requirements is subject to the lower-bound, and proved that a random function is likely to satisfy the requirements.
We revisit the FKN lower-bound and prove the following results:
(Counterexample) We construct a function that satisfies the FKN requirements but has a PSM protocol with communication of bits, revealing a gap in the FKN proof.
(PSM lower-bounds) We show that, by imposing additional requirements, the FKN argument can be fixed leading to a lower-bound for a random function. We also get a similar lower-bound for a function that can be computed by a polynomial-size circuit (or even polynomial-time Turing machine under standard complexity-theoretic assumptions). This yields the first non-trivial lower-bound for an explicit Boolean function partially resolving an open problem of Data, Prabhakaran and Prabhakaran (Crypto \u2714, IEEE Information Theory \u2716). We further extend these results to the setting of imperfect PSM protocols which may have small correctness or privacy error.
(CDS lower-bounds) We show that the original FKN argument applies (as is) to some weak form of PSM protocols which are strongly related to the setting of Conditional Disclosure of Secrets (CDS). This connection yields a simple combinatorial criterion for establishing linear -bit CDS lower-bounds. As a corollary, we settle the complexity of the Inner Product predicate resolving an open problem of Gay, Kerenidis, and Wee (Crypto \u2715)
Spectral approach to the communication complexity of multi-party key agreement
In multi-party key agreement protocols it is assumed that the parties are
given correlated input data and should agree on a common secret key so that the
eavesdropper cannot obtain any information on this key by listening to the
communications between the parties. We consider the one-shot setting, when
there is no ergodicity assumption on the input data.
It is known that the optimal size of the secret key can be characterized in
terms of the mutual information between different combinations of the input
data sets, and the optimal key can be produced with the help of the omniscience
protocol. However, the optimal communication complexity of this problem remains
unknown.
We show that the communication complexity of the omniscience protocol is
optimal, at least for some complexity profiles of the input data, in the
setting with restricted interaction between parties (the simultaneous messages
model). We also provide some upper and lower bounds for communication
complexity for other communication problems. Our proof technique combines
information-theoretic inequalities and the spectral method.Comment: 18 pages, 5 figure
Improved Tradeoffs for Leader Election
We consider leader election in clique networks, where nodes are connected
by point-to-point communication links. For the synchronous clique under
simultaneous wake-up, i.e., where all nodes start executing the algorithm in
round , we show a tradeoff between the number of messages and the amount of
time. More specifically, we show that any deterministic algorithm with a
message complexity of requires rounds, for . Our result holds even if
the node IDs are chosen from a relatively small set of size ,
as we are able to avoid using Ramsey's theorem. We also give an upper bound
that improves over the previously-best tradeoff. Our second contribution for
the synchronous clique under simultaneous wake-up is to show that is in fact a lower bound on the message complexity that holds for any
deterministic algorithm with a termination time . We complement this
result by giving a simple deterministic algorithm that achieves leader election
in sublinear time while sending only messages, if the ID space is
of at most linear size. We also show that Las Vegas algorithms (that never
fail) require messages. For the synchronous clique under
adversarial wake-up, we show that is a tight lower bound for
randomized -round algorithms. Finally, we turn our attention to the
asynchronous clique: Assuming adversarial wake-up, we give a randomized
algorithm that achieves a message complexity of and an
asynchronous time complexity of . For simultaneous wake-up, we translate
the deterministic tradeoff algorithm of Afek and Gafni to the asynchronous
model, thus partially answering an open problem they pose
Private Simultaneous Messages Based on Quadratic Residues
Private Simultaneous Messages (PSM) model is a minimal model for secure
multiparty computation. Feige, Kilian, and Naor (STOC 1994) and Ishai
(Cryptology and Information Security Series 2013) constructed PSM protocols
based on quadratic residues. In this paper, we define QR-PSM protocols as a
generalization of these protocols. A QR-PSM protocol is a PSM protocol whose
decoding function outputs the quadratic residuosity of what is computed from
messages. We design a QR-PSM protocol for any symmetric function of communication complexity . As far as we know,
it is the most efficient PSM protocol since the previously known best PSM
protocol was of (Beimel et al., CRYPTO 2014). We also study the
sizes of the underlying finite fields in the protocols since the
communication complexity of a QR-PSM protocol is proportional to the bit length
of the prime . In particular, we show that the -th Peralta prime ,
which is used for general QR-PSM protocols, can be taken as at most
, which improves the Peralta's known result (Mathematics
of Computation 1992) by a constant factor
- …