7 research outputs found
Distributed Function Computation with Confidentiality
A set of terminals observe correlated data and seek to compute functions of
the data using interactive public communication. At the same time, it is
required that the value of a private function of the data remains concealed
from an eavesdropper observing this communication. In general, the private
function and the functions computed by the nodes can be all different. We show
that a class of functions are securely computable if and only if the
conditional entropy of data given the value of private function is greater than
the least rate of interactive communication required for a related
multiterminal source-coding task. A single-letter formula is provided for this
rate in special cases.Comment: To Appear in IEEE JSAC: In-Network Computation: Exploring the
Fundamental Limits, April 201
When is a Function Securely Computable?
A subset of a set of terminals that observe correlated signals seek to
compute a given function of the signals using public communication. It is
required that the value of the function be kept secret from an eavesdropper
with access to the communication. We show that the function is securely
computable if and only if its entropy is less than the "aided secret key"
capacity of an associated secrecy generation model, for which a single-letter
characterization is provided
Converses for Secret Key Agreement and Secure Computing
We consider information theoretic secret key agreement and secure function
computation by multiple parties observing correlated data, with access to an
interactive public communication channel. Our main result is an upper bound on
the secret key length, which is derived using a reduction of binary hypothesis
testing to multiparty secret key agreement. Building on this basic result, we
derive new converses for multiparty secret key agreement. Furthermore, we
derive converse results for the oblivious transfer problem and the bit
commitment problem by relating them to secret key agreement. Finally, we derive
a necessary condition for the feasibility of secure computation by trusted
parties that seek to compute a function of their collective data, using an
interactive public communication that by itself does not give away the value of
the function. In many cases, we strengthen and improve upon previously known
converse bounds. Our results are single-shot and use only the given joint
distribution of the correlated observations. For the case when the correlated
observations consist of independent and identically distributed (in time)
sequences, we derive strong versions of previously known converses
A Bound For Multiparty Secret Key Agreement And Implications For A Problem Of Secure Computing
We consider secret key agreement by multiple parties observing correlated data and communicating interactively over an insecure communication channel. Our main contribution is a single-shot upper bound on the length of the secret keys that can be generated, without making any assumptions on the distribution of the underlying data. Heuristically, we bound the secret key length in terms of ``how far is the joint distribution of the initial observations of the parties and the eavesdropper from a distribution that renders the observations of the parties conditionally independent across some partition, when conditioned on the eavesdropper\u27s side information.
The closeness of the two distributions is measured in terms of the exponent of the probability of error of type II for a binary hypothesis testing problem, thus bringing out a structural connection between secret key agreement and binary hypothesis testing. When the underlying data consists of an independent and identically distributed sequence, an application of our bound recovers several known upper bounds for the asymptotic rate of a secret key that can be generated, without requiring the agreement error probability or the security index to vanish to 0 asymptotically.
Also, we consider the following problem of secure function computation with trusted parties: Multiple parties observing correlated data seek to compute a function of their collective data. To this end, they communicate interactively over an insecure communication channel. It is required that the value of the function be concealed from an eavesdropper with access to the communication. When is such a secure computation of a given function feasible? Using the aforementioned upper bound, we derive a necessary condition for the existence of a communication protocol that allows the parties to reliably recover the value of a given function, while keeping this value concealed from an eavesdropper with access to (only) the communication
Common Randomness Principles of Secrecy
This dissertation concerns the secure processing of distributed data by multi- ple terminals, using interactive public communication among themselves, in order to accomplish a given computational task. In the setting of a probabilistic multitermi- nal source model in which several terminals observe correlated random signals, we analyze secure distributed data processing protocols that harness the correlation in the data. The specific tasks considered are: computing functions of the data under secrecy requirements; generating secretly shared bits with minimal rate of public communication; and securely sharing bits in presence of a querying eavesdropper. In studying these various secure distributed processing tasks, we adopt a unified approach that entails examining the form of underlying common randomness (CR) that is generated at the terminals during distributed processing. We make the case that the exact form of established CR is linked inherently to the data processing task at hand, and its characterization can lead to a structural understanding of the associated algorithms. An identification of the underlying CR and its decomposi- tion into independent components, each with a different operational significance, is
a recurring fundamental theme at the heart of all the proofs in this dissertation. In addition to leading to new theoretical insights, it brings out equivalences between seemingly unrelated problems. Another distinguishing feature of this work is that it considers interactive communication protocols. In fact, understanding the structure of such interactive communication is a key step in proving our results.
We make the following contributions. First, we propose a new information theoretic formulation to study secure distributed computing using public communi- cation. The parties observing distributed data are trusted but an eavesdropper has access to the public communication network. We examine distributed communica- tion protocols that allow the trusted parties to accomplish their required computa- tion tasks while giving away negligible information about a specified portion of the data to an eavesdropper with access to the communication. Our theoretical results provide necessary and sufficient conditions that characterize the feasibility of vari- ous secure computing tasks; in many cases of practical importance, these conditions take a simple form and can be verified easily. When secure computing is feasible, we propose new algorithms in special cases.
Next, we revisit the problem of generating shared secret keys (SKs). We investigate minimum communication requirements for generating information theo- retically secure SKs of maximum rates from correlated observations using interactive public communication. In particular, our approach allows us to examine the role of interaction in such communication. On the one hand, we find that interaction is not needed when the observed correlated bits are symmetrically correlated and therefore, in this case, simple noninteractive protocols are the most efficient means of
generating optimum rate SKs. On the other hand, we illustrate that interactive pro- tocols can require a strictly lower rate of overall communication than noninteractive protocols.
Finally, we consider the task of ensuring security against an eavesdropper who makes queries about a portion of the distributed data that the terminals share by communicating over a public network. We introduce an alternative notion of secrecy which requires rendering the task of a querying eavesdropper as onerous as possible. Our main contribution in this part is the development of a new technique for proving converse results for secrecy problems involving CR with interactive communication, which is employed then to obtain an upper bound for the maximum number of queries that can be inflicted on the eavesdropper for any CR and corresponding communication. Surprisingly, there is an equivalence between this notion of secrecy and that of information theoretic security, which leads to new theoretical results for SK generation; for instance, we prove a strong converse for the SK capacity.
We conclude by hypothesizing the basic principles of secrecy generation that emerge from the results developed in this dissertation