9,217 research outputs found
On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little is known about the
communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
3-party setting in order to bring out the power of these tools without
introducing too many complications. Our techniques include the use of a data
processing inequality for residual information - i.e., the gap between mutual
information and G\'acs-K\"orner common information, a new information
inequality for 3-party protocols, and the idea of distribution switching by
which lower bounds computed under certain worst-case scenarios can be shown to
apply for the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have "communication-ideal" protocols, which achieve the
minimum communication simultaneously on all links in the network. Also, we
obtain the first explicit example of a function that incurs a higher
communication cost than the input length in the secure computation model of
Feige, Kilian and Naor (1994), who had shown that such functions exist. We also
show that our communication bounds imply tight lower bounds on the amount of
randomness required by MPC protocols for many interesting functions.Comment: 37 page
How to Securely Compute the Modulo-Two Sum of Binary Sources
In secure multiparty computation, mutually distrusting users in a network
want to collaborate to compute functions of data which is distributed among the
users. The users should not learn any additional information about the data of
others than what they may infer from their own data and the functions they are
computing. Previous works have mostly considered the worst case context (i.e.,
without assuming any distribution for the data); Lee and Abbe (2014) is a
notable exception. Here, we study the average case (i.e., we work with a
distribution on the data) where correctness and privacy is only desired
asymptotically.
For concreteness and simplicity, we consider a secure version of the function
computation problem of K\"orner and Marton (1979) where two users observe a
doubly symmetric binary source with parameter p and the third user wants to
compute the XOR. We show that the amount of communication and randomness
resources required depends on the level of correctness desired. When zero-error
and perfect privacy are required, the results of Data et al. (2014) show that
it can be achieved if and only if a total rate of 1 bit is communicated between
every pair of users and private randomness at the rate of 1 is used up. In
contrast, we show here that, if we only want the probability of error to vanish
asymptotically in block length, it can be achieved by a lower rate (binary
entropy of p) for all the links and for private randomness; this also
guarantees perfect privacy. We also show that no smaller rates are possible
even if privacy is only required asymptotically.Comment: 6 pages, 1 figure, extended version of submission to IEEE Information
Theory Workshop, 201
A New Upperbound for the Oblivious Transfer Capacity of Discrete Memoryless Channels
We derive a new upper bound on the string oblivious transfer capacity of
discrete memoryless channels. The main tool we use is the tension region of a
pair of random variables introduced in Prabhakaran and Prabhakaran (2014) where
it was used to derive upper bounds on rates of secure sampling in the source
model. In this paper, we consider secure computation of string oblivious
transfer in the channel model. Our bound is based on a monotonicity property of
the tension region in the channel model. We show that our bound strictly
improves upon the upper bound of Ahlswede and Csisz\'ar (2013).Comment: 7 pages, 3 figures, extended version of submission to IEEE
Information Theory Workshop, 201
Finite state verifiers with constant randomness
We give a new characterization of as the class of languages
whose members have certificates that can be verified with small error in
polynomial time by finite state machines that use a constant number of random
bits, as opposed to its conventional description in terms of deterministic
logarithmic-space verifiers. It turns out that allowing two-way interaction
with the prover does not change the class of verifiable languages, and that no
polynomially bounded amount of randomness is useful for constant-memory
computers when used as language recognizers, or public-coin verifiers. A
corollary of our main result is that the class of outcome problems
corresponding to O(log n)-space bounded games of incomplete information where
the universal player is allowed a constant number of moves equals NL.Comment: 17 pages. An improved versio
- …