An Elementary Completeness Proof for Secure Two-Party Computation Primitives
In the secure two-party computation problem, two parties wish to compute a
(possibly randomized) function of their inputs via an interactive protocol,
while ensuring that neither party learns more than what can be inferred from
only their own input and output. For semi-honest parties and
information-theoretic security guarantees, it is well-known that, if only
noiseless communication is available, only a limited set of functions can be
securely computed; however, if interaction is also allowed over general
communication primitives (multi-input/output channels), there are "complete"
primitives that enable any function to be securely computed. The general set of
complete primitives was characterized recently by Maji, Prabhakaran, and
Rosulek leveraging an earlier specialized characterization by Kilian. Our
contribution in this paper is a simple, self-contained, alternative derivation
using elementary information-theoretic tools.
Comment: 6 pages, extended version of ITW 2014 paper
On the Efficiency of Classical and Quantum Secure Function Evaluation
We provide bounds on the efficiency of secure one-sided output two-party
computation of arbitrary finite functions from trusted distributed randomness
in the statistical case. From these results we derive bounds on the efficiency
of protocols that use different variants of OT as a black-box. When applied to
implementations of OT, these bounds generalize most known results to the
statistical case. Our results hold in particular for transformations between a
finite number of primitives and for any error. In the second part we study the
efficiency of quantum protocols implementing OT. While most classical lower
bounds for perfectly secure reductions of OT to distributed randomness still
hold in the quantum setting, we present a statistically secure protocol that
violates these bounds by an arbitrarily large factor. We then prove a weaker
lower bound that does hold in the statistical quantum setting and implies that
even quantum protocols cannot extend OT. Finally, we present two lower bounds
for reductions of OT to commitments and a protocol based on string commitments
that is optimal with respect to both of these bounds.
A New Upperbound for the Oblivious Transfer Capacity of Discrete Memoryless Channels
We derive a new upper bound on the string oblivious transfer capacity of
discrete memoryless channels. The main tool we use is the tension region of a
pair of random variables introduced in Prabhakaran and Prabhakaran (2014) where
it was used to derive upper bounds on rates of secure sampling in the source
model. In this paper, we consider secure computation of string oblivious
transfer in the channel model. Our bound is based on a monotonicity property of
the tension region in the channel model. We show that our bound strictly
improves upon the upper bound of Ahlswede and Csiszár (2013).
Comment: 7 pages, 3 figures, extended version of submission to IEEE Information Theory Workshop, 201
Converses for Secret Key Agreement and Secure Computing
We consider information theoretic secret key agreement and secure function
computation by multiple parties observing correlated data, with access to an
interactive public communication channel. Our main result is an upper bound on
the secret key length, which is derived using a reduction of binary hypothesis
testing to multiparty secret key agreement. Building on this basic result, we
derive new converses for multiparty secret key agreement. Furthermore, we
derive converse results for the oblivious transfer problem and the bit
commitment problem by relating them to secret key agreement. Finally, we derive
a necessary condition for the feasibility of secure computation by trusted
parties that seek to compute a function of their collective data, using an
interactive public communication that by itself does not give away the value of
the function. In many cases, we strengthen and improve upon previously known
converse bounds. Our results are single-shot and use only the given joint
distribution of the correlated observations. For the case when the correlated
observations consist of independent and identically distributed (in time)
sequences, we derive strong versions of previously known converses.
Quantifying the Leakage of Quantum Protocols for Classical Two-Party Cryptography
We study quantum protocols among two distrustful parties. By adopting a
rather strict definition of correctness - guaranteeing that honest players
obtain their correct outcomes only - we can show that every strictly correct
quantum protocol implementing a non-trivial classical primitive necessarily
leaks information to a dishonest player. This extends known impossibility
results to all non-trivial primitives. We provide a framework for quantifying
this leakage and argue that leakage is a good measure for the privacy provided
to the players by a given protocol. Our framework also covers the case where
the two players are helped by a trusted third party. We show that despite the
help of a trusted third party, the players cannot amplify the cryptographic
power of any primitive. All our results hold even against quantum
honest-but-curious adversaries who honestly follow the protocol but purify
their actions and apply a different measurement at the end of the protocol. As
concrete examples, we establish lower bounds on the leakage of standard
universal two-party primitives such as oblivious transfer.
Comment: 38 pages, completely supersedes arXiv:0902.403
Assisted Common Information: Further Results
We presented assisted common information as a generalization of
Gács-Körner (GK) common information at ISIT 2010. The motivation for our
formulation was to improve upper bounds on the efficiency of protocols for
secure two-party sampling (which is a form of secure multi-party computation).
Our upper bound was based on a monotonicity property of a rate-region (called
the assisted residual information region) associated with the assisted common
information formulation. In this note we present further results. We explore
the connection of assisted common information with the Gray-Wyner system. We
show that the assisted residual information region and the Gray-Wyner region
are connected by a simple relationship: the assisted residual information
region is the increasing hull of the Gray-Wyner region under an affine map.
Several known relationships between GK common information and Gray-Wyner system
fall out as consequences of this. Quantities which arise in other source coding
contexts acquire new interpretations. In previous work we showed that assisted
common information can be used to derive upper bounds on the rate at which a
pair of parties can securely sample correlated random variables, given
correlated random variables from another distribution. Here we present an
example where the bound derived using assisted common information is much
better than previously known bounds, and in fact is tight. This example
considers correlated random variables defined in terms of standard variants of
oblivious transfer, and is interesting on its own as it answers a natural
question about these cryptographic primitives.
Comment: 8 pages, 3 figures, 1 appendix; to be presented at the IEEE International Symposium on Information Theory, 201
On the power of two-party quantum cryptography
We study quantum protocols among two distrustful parties. Under the
sole assumption of correctness - guaranteeing that honest players
obtain their correct outcomes - we show that every protocol
implementing a non-trivial primitive necessarily leaks information to
a dishonest player. This extends known impossibility results to all
non-trivial primitives. We provide a framework for quantifying this
leakage and argue that leakage is a good measure for the privacy
provided to the players by a given protocol. Our framework also covers
the case where the two players are helped by a trusted third party. We
show that despite the help of a trusted third party, the players
cannot amplify the cryptographic power of any primitive. All our
results hold even against quantum honest-but-curious adversaries who
honestly follow the protocol but purify their actions and apply a
different measurement at the end of the protocol. As concrete
examples, we establish lower bounds on the leakage of standard
universal two-party primitives such as oblivious transfer.