Must the Communication Graph of MPC Protocols be an Expander?
Secure multiparty computation (MPC) on incomplete communication networks has been studied within two primary models: (1) Where a partial network is fixed a priori, and thus corruptions can occur dependent on its structure, and (2) Where edges in the communication graph are determined dynamically as part of the protocol. Whereas a rich literature has succeeded in mapping out the feasibility and limitations of graph structures supporting secure computation in the fixed-graph model (including strong classical lower bounds), these bounds do not apply in the latter dynamic-graph setting, which has recently seen exciting new results, but remains relatively unexplored.
In this work, we initiate a similar foundational study of MPC within the dynamic-graph model. As a first step, we investigate the property of graph expansion. All existing protocols (implicitly or explicitly) yield communication graphs which are expanders, but it is not clear whether this is inherent.
Our results consist of two types (for constant fraction of corruptions):
* Upper bounds: We demonstrate secure protocols whose induced communication graphs are not expander graphs, within a wide range of settings (computational, information theoretic, with low locality, even with low locality and adaptive security) each assuming some form of input-independent setup.
* Lower bounds: In the setting without setup and adaptive corruptions, we demonstrate that for certain functionalities, no protocol can maintain a non-expanding communication graph against all adversarial strategies. Our lower bound relies only on protocol correctness (not privacy), and requires a surprisingly delicate argument.
More generally, we provide a formal framework for analyzing the evolving communication graph of MPC protocols, giving a starting point for studying the relation between secure computation and further, more general graph properties.
On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central primitive of modern cryptography. However, relatively little is known about the communication complexity of this primitive.

In this work, we develop powerful information theoretic tools to prove lower bounds on the communication complexity of MPC. We restrict ourselves to a 3-party setting in order to bring out the power of these tools without introducing too many complications. Our techniques include the use of a data processing inequality for residual information - i.e., the gap between mutual information and Gács-Körner common information, a new information inequality for 3-party protocols, and the idea of distribution switching by which lower bounds computed under certain worst-case scenarios can be shown to apply for the general case.

Using these techniques we obtain tight bounds on communication complexity by MPC protocols for various interesting functions. In particular, we show concrete functions that have "communication-ideal" protocols, which achieve the minimum communication simultaneously on all links in the network. Also, we obtain the first explicit example of a function that incurs a higher communication cost than the input length in the secure computation model of Feige, Kilian and Naor (1994), who had shown that such functions exist. We also show that our communication bounds imply tight lower bounds on the amount of randomness required by MPC protocols for many interesting functions.

Comment: 37 page
Sample Complexity Bounds on Differentially Private Learning via Communication Complexity
In this work we analyze the sample complexity of classification by differentially private algorithms. Differential privacy is a strong and well-studied notion of privacy introduced by Dwork et al. (2006) that ensures that the output of an algorithm leaks little information about the data point provided by any of the participating individuals. Sample complexity of private PAC and agnostic learning was studied in a number of prior works starting with (Kasiviswanathan et al., 2008) but a number of basic questions still remain open, most notably whether learning with privacy requires more samples than learning without privacy.

We show that the sample complexity of learning with (pure) differential privacy can be arbitrarily higher than the sample complexity of learning without the privacy constraint or the sample complexity of learning with approximate differential privacy. Our second contribution and the main tool is an equivalence between the sample complexity of (pure) differentially private learning of a concept class (or ) and the randomized one-way communication complexity of the evaluation problem for concepts from . Using this equivalence we prove the following bounds:

1. , where is the Littlestone's (1987) dimension characterizing the number of mistakes in the online-mistake-bound learning model. Known bounds on then imply that can be much higher than the VC-dimension of .
2. For any , there exists a class such that but .
3. For any , there exists a class such that the sample complexity of (pure) -differentially private PAC learning is but the sample complexity of the relaxed -differentially private PAC learning is . This resolves an open problem of Beimel et al. (2013b).

Comment: Extended abstract appears in Conference on Learning Theory (COLT) 201
Converse bounds for private communication over quantum channels
This paper establishes several converse bounds on the private transmission capabilities of a quantum channel. The main conceptual development builds firmly on the notion of a private state, which is a powerful, uniquely quantum method for simplifying the tripartite picture of privacy involving local operations and public classical communication to a bipartite picture of quantum privacy involving local operations and classical communication. This approach has previously led to some of the strongest upper bounds on secret key rates, including the squashed entanglement and the relative entropy of entanglement. Here we use this approach along with a "privacy test" to establish a general meta-converse bound for private communication, which has a number of applications. The meta-converse allows for proving that any quantum channel's relative entropy of entanglement is a strong converse rate for private communication. For covariant channels, the meta-converse also leads to second-order expansions of relative entropy of entanglement bounds for private communication rates. For such channels, the bounds also apply to the private communication setting in which the sender and receiver are assisted by unlimited public classical communication, and as such, they are relevant for establishing various converse bounds for quantum key distribution protocols conducted over these channels. We find precise characterizations for several channels of interest and apply the methods to establish several converse bounds on the private transmission capabilities of all phase-insensitive bosonic channels.

Comment: v3: 53 pages, 3 figures, final version accepted for publication in IEEE Transactions on Information Theor
The Role of Interactivity in Local Differential Privacy
We study the power of interactivity in local differential privacy. First, we focus on the difference between fully interactive and sequentially interactive protocols. Sequentially interactive protocols may query users adaptively in sequence, but they cannot return to previously queried users. The vast majority of existing lower bounds for local differential privacy apply only to sequentially interactive protocols, and before this paper it was not known whether fully interactive protocols were more powerful. We resolve this question. First, we classify locally private protocols by their compositionality, the multiplicative factor by which the sum of a protocol's single-round privacy parameters exceeds its overall privacy guarantee. We then show how to efficiently transform any fully interactive -compositional protocol into an equivalent sequentially interactive protocol with an blowup in sample complexity. Next, we show that our reduction is tight by exhibiting a family of problems such that for any , there is a fully interactive -compositional protocol which solves the problem, while no sequentially interactive protocol can solve the problem without at least an factor more examples. We then turn our attention to hypothesis testing problems. We show that for a large class of compound hypothesis testing problems --- which include all simple hypothesis testing problems as a special case --- a simple noninteractive test is optimal among the class of all (possibly fully interactive) tests