689 research outputs found

    On the Efficiency of Classical and Quantum Secure Function Evaluation

    We provide bounds on the efficiency of secure one-sided output two-party computation of arbitrary finite functions from trusted distributed randomness in the statistical case. From these results we derive bounds on the efficiency of protocols that use different variants of OT as a black-box. When applied to implementations of OT, these bounds generalize most known results to the statistical case. Our results hold in particular for transformations between a finite number of primitives and for any error. In the second part we study the efficiency of quantum protocols implementing OT. While most classical lower bounds for perfectly secure reductions of OT to distributed randomness still hold in the quantum setting, we present a statistically secure protocol that violates these bounds by an arbitrarily large factor. We then prove a weaker lower bound that does hold in the statistical quantum setting and implies that even quantum protocols cannot extend OT. Finally, we present two lower bounds for reductions of OT to commitments and a protocol based on string commitments that is optimal with respect to both of these bounds

    Communication Complexity and Secure Function Evaluation

    We suggest two new methodologies for the design of efficient secure protocols, that differ with respect to their underlying computational models. In one methodology we utilize the communication complexity tree (or branching for f and transform it into a secure protocol. In other words, "any function f that can be computed using communication complexity c can be computed securely using communication complexity that is polynomial in c and a security parameter". The second methodology uses the circuit computing f, enhanced with look-up tables as its underlying computational model. It is possible to simulate any RAM machine in this model with polylogarithmic blowup. Hence it is possible to start with a computation of f on a RAM machine and transform it into a secure protocol. We show many applications of these new methodologies resulting in protocols efficient either in communication or in computation. In particular, we exemplify a protocol for the "millionaires problem", where two participants want to compare their values but reveal no other information. Our protocol is more efficient than previously known ones in either communication or computation

    Physical Foundations of Landauer's Principle

    We review the physical foundations of Landauer's Principle, which relates the loss of information from a computational process to an increase in thermodynamic entropy. Despite the long history of the Principle, its fundamental rationale and proper interpretation remain frequently misunderstood. Contrary to some misinterpretations of the Principle, the mere transfer of entropy between computational and non-computational subsystems can occur in a thermodynamically reversible way without increasing total entropy. However, Landauer's Principle is not about general entropy transfers; rather, it more specifically concerns the ejection of (all or part of) some correlated information from a controlled, digital form (e.g., a computed bit) to an uncontrolled, non-computational form, i.e., as part of a thermal environment. Any uncontrolled thermal system will, by definition, continually re-randomize the physical information in its thermal state, from our perspective as observers who cannot predict the exact dynamical evolution of the microstates of such environments. Thus, any correlations involving information that is ejected into and subsequently thermalized by the environment will be lost from our perspective, resulting directly in an irreversible increase in total entropy. Avoiding the ejection and thermalization of correlated computational information motivates the reversible computing paradigm, although the requirements for computations to be thermodynamically reversible are less restrictive than frequently described, particularly in the case of stochastic computational operations. There are interesting possibilities for the design of computational processes that utilize stochastic, many-to-one computational operations while nevertheless avoiding net entropy increase that remain to be fully explored. Comment: 42 pages, 15 figures, extended postprint of a paper published in the 10th Conf. on Reversible Computation (RC18), Leicester, UK, Sep. 201

    All Complete Functionalities are Reversible

    Crepeau and Santha, in 1991, posed the question of reversibility of functionalities, that is, which functionalities when used in one direction, could securely implement the identical functionality in the reverse direction. Wolf and Wullschleger, in 2006, showed that oblivious transfer is reversible. We study the problem of reversibility among 2-party SFE functionalities, which also enable general multi-party computation, in the information-theoretic setting. We show that any functionality that enables general multi-party computation, when used in both directions, is reversible. In fact, we show that any such functionality can securely realize oblivious transfer when used in an a priori fixed direction. This result enables secure computation using physical setups that parties can only use in a particular direction due to inherent asymmetries in them

    Non-interactive XOR quantum oblivious transfer: optimal protocols and their experimental implementations

    Oblivious transfer (OT) is an important cryptographic primitive. Any multi-party computation can be realised with OT as building block. XOR oblivious transfer (XOT) is a variant where the sender Alice has two bits, and a receiver Bob obtains either the first bit, the second bit, or their XOR. Bob should not learn anything more than this, and Alice should not learn what Bob has learnt. Perfect quantum OT with information-theoretic security is known to be impossible. We determine the smallest possible cheating probabilities for unrestricted dishonest parties in non-interactive quantum XOT protocols using symmetric pure states, and present an optimal protocol, which outperforms classical protocols. We also "reverse" this protocol, so that Bob becomes sender of a quantum state and Alice the receiver who measures it, while still implementing oblivious transfer from Alice to Bob. Cheating probabilities for both parties stay the same as for the unreversed protocol. We optically implemented both the unreversed and the reversed protocols, and cheating strategies, noting that the reversed protocol is easier to implement. Comment: 21 pages, 6 figure

    Generalized Entropies

    We study an entropy measure for quantum systems that generalizes the von Neumann entropy as well as its classical counterpart, the Gibbs or Shannon entropy. The entropy measure is based on hypothesis testing and has an elegant formulation as a semidefinite program, a type of convex optimization. After establishing a few basic properties, we prove upper and lower bounds in terms of the smooth entropies, a family of entropy measures that is used to characterize a wide range of operational quantities. From the formulation as a semidefinite program, we also prove a result on decomposition of hypothesis tests, which leads to a chain rule for the entropy. Comment: 21 page

    On the Transformation Capability of Feasible Mechanisms for Programmable Matter

    We study theoretical models of programmable matter systems, consisting of n spherical modules kept together by magnetic or electrostatic forces and able to perform two minimal mechanical operations (movements): rotate and/or slide. The goal is for an initial shape A to transform to some target shape B by a sequence of movements. Most of the paper focuses on transformability (feasibility) questions. When only rotation is available, we prove that deciding whether two given shapes can transform to each other, is in P. Under the additional restriction of maintaining global connectivity, we prove inclusion in PSPACE and explore minimum seeds that can make otherwise infeasible transformations feasible. Allowing both rotations and slidings yields universality: any two connected shapes of the same order can be transformed to each other without breaking connectivity, in O(n^2) sequential and O(n) parallel time (both optimal). We finally provide a type of distributed transformation