On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little is known about the
communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
3-party setting in order to bring out the power of these tools without
introducing too many complications. Our techniques include the use of a data
processing inequality for residual information - i.e., the gap between mutual
information and Gács-Körner common information, a new information
inequality for 3-party protocols, and the idea of distribution switching by
which lower bounds computed under certain worst-case scenarios can be shown to
apply for the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have "communication-ideal" protocols, which achieve the
minimum communication simultaneously on all links in the network. Also, we
obtain the first explicit example of a function that incurs a higher
communication cost than the input length in the secure computation model of
Feige, Kilian and Naor (1994), who had shown that such functions exist. We also
show that our communication bounds imply tight lower bounds on the amount of
randomness required by MPC protocols for many interesting functions.
Comment: 37 page
Analysis of Key Management Schemes for Secure Group Communication and Their Classification
Secure Group Communication is very critical for applications like board-meetings, group discussions and teleconferencing. Managing a set of secure group keys and group dynamics are the fundamental building blocks for secure group communication systems. Several group key management techniques have been proposed so far by many researchers. Some schemes are information theoretic and some are complexity theoretic in nature. Users in the secure group may negotiate with each other to derive a common group key or may compute the group key on their own. Some schemes involve a trusted Key Distribution Center (KDC), which generates and distributes initial pieces of information, whereas in other schemes users themselves select their private information. Storage at each user and communication cost among members of the group vary from scheme to scheme. Here, in this paper we discuss some of the key management schemes proposed earlier based on the considerations mentioned above. We also analyze the schemes with respect to storage, communication and computation costs.
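The abstract above classifies schemes by who generates the group key (a trusted KDC versus the members themselves) and by their storage, communication and computation costs. As an added illustration that is not from the paper, the following constructed Python sketch implements the simplest KDC-based scheme (one long-term pairwise key per member, the group key re-wrapped to every member on each join or leave) and reports exactly those cost dimensions, so the O(n) unicast cost per rekey and the O(1) per-member storage of a flat scheme are visible as numbers rather than asymptotics. The `wrap`/`unwrap` routines are a toy hash-based key wrap (SHA-256 keystream plus an HMAC tag) chosen to keep the example dependency-free; a deployment would use a standard AEAD or key-wrap algorithm.

```python
"""Flat KDC group-key distribution with explicit cost accounting.

Constructed illustration of the KDC-based class of schemes discussed in the
survey above; not a scheme from the paper. The key wrap is a toy (hash
keystream + HMAC), standing in for a real AEAD/key-wrap."""
import hashlib
import hmac
import os
from typing import Dict

KEY_LEN = 32
NONCE_LEN = 16


def wrap(kek: bytes, group_key: bytes) -> bytes:
    """Toy key wrap: SHA-256(kek || nonce) keystream XOR, then an HMAC tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = hashlib.sha256(kek + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(group_key, stream))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on mismatch."""
    nonce = blob[:NONCE_LEN]
    ct = blob[NONCE_LEN:NONCE_LEN + KEY_LEN]
    tag = blob[NONCE_LEN + KEY_LEN:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("key-wrap tag mismatch")
    stream = hashlib.sha256(kek + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class KDC:
    """Trusted centre: one long-term pairwise key per member plus the current group key."""

    def __init__(self) -> None:
        self.pairwise: Dict[str, bytes] = {}
        self.group_key = os.urandom(KEY_LEN)
        self.unicast_sent = 0  # running communication cost

    def rekey(self) -> Dict[str, bytes]:
        """Fresh group key, wrapped once per current member: n unicasts."""
        self.group_key = os.urandom(KEY_LEN)
        msgs = {uid: wrap(k, self.group_key) for uid, k in self.pairwise.items()}
        self.unicast_sent += len(msgs)
        return msgs

    def join(self, uid: str) -> Dict[str, bytes]:
        # The pairwise key is the "initial piece of information", delivered out of band.
        self.pairwise[uid] = os.urandom(KEY_LEN)
        return self.rekey()  # rotate so the newcomer cannot read earlier traffic

    def leave(self, uid: str) -> Dict[str, bytes]:
        del self.pairwise[uid]
        return self.rekey()  # rotate so the departed member cannot read later traffic


class Member:
    def __init__(self, uid: str, pairwise_key: bytes) -> None:
        self.uid, self.pairwise_key, self.group_key = uid, pairwise_key, None

    def receive(self, msgs: Dict[str, bytes]) -> None:
        if self.uid in msgs:  # departed members get no message and keep a stale key
            self.group_key = unwrap(self.pairwise_key, msgs[self.uid])


def simulate(n: int) -> Dict[str, object]:
    """n members join one by one, then u0 leaves; report agreement and costs."""
    kdc = KDC()
    members: Dict[str, Member] = {}
    for i in range(n):
        uid = f"u{i}"
        msgs = kdc.join(uid)
        members[uid] = Member(uid, kdc.pairwise[uid])
        for m in members.values():
            m.receive(msgs)
    key_before_leave = kdc.group_key
    msgs = kdc.leave("u0")
    for m in members.values():
        m.receive(msgs)
    remaining = [m for uid, m in members.items() if uid != "u0"]
    return {
        "unicasts_per_rekey": len(msgs),       # O(n) communication per membership change
        "keys_per_member": 2,                  # pairwise key + group key: O(1) storage
        "keys_at_kdc": len(kdc.pairwise) + 1,  # O(n) storage at the centre
        "remaining_agree": all(m.group_key == kdc.group_key for m in remaining),
        "departed_locked_out": members["u0"].group_key == key_before_leave
        and members["u0"].group_key != kdc.group_key,
        "total_unicasts": kdc.unicast_sent,    # n(n+1)/2 for the joins + (n-1) for the leave
    }


if __name__ == "__main__":
    print(simulate(4))
```

The numbers make the trade-off the survey is about concrete: the flat KDC scheme is cheap per member (two keys, one decryption per rekey) but every membership change costs the centre one unicast per remaining member, which is what the hierarchical and contributory schemes it classifies are designed to reduce.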
Information-Theoretic Broadcast with Dishonest Majority for Long Messages
Byzantine broadcast is a fundamental primitive for secure computation. In a setting with parties in the presence of an adversary controlling at most parties,
while a lot of progress in optimizing communication complexity has been made for , little progress has been made for the general case , especially for information-theoretic security. In particular, all information-theoretic secure broadcast protocols for -bit messages and and optimal round complexity have, so far, required a communication complexity of . A broadcast extension protocol allows a long message to be broadcast more efficiently using a small number of single-bit broadcasts. Through broadcast extension, so far, the best achievable round complexity for setting with the optimal communication complexity
of is rounds.
In this work, we construct a new broadcast extension protocol for with information-theoretic security. Our protocol improves the round complexity to while maintaining the optimal communication complexity for long messages. Our result shortens the gap between the information-theoretic setting and the computational setting, and between the optimal communication protocol and the optimal round protocol in the information-theoretic setting for
Towards Characterizing Securely Computable Two-Party Randomized Functions
A basic question of cryptographic complexity is to combinatorially
characterize all randomized functions which have information-theoretic
semi-honest secure 2-party computation protocols. The corresponding question
for deterministic functions was answered almost three decades back, by
Kushilevitz (FOCS 1989). In this work, we make progress towards
understanding securely computable `randomized' functions. We bring
tools developed in the study of completeness to bear on this problem. In
particular, our characterizations are obtained by considering only symmetric
functions with a combinatorial property called `simplicity'
(Maji et al. Indocrypt 2012).
Our main result is a complete combinatorial characterization of
randomized functions with `ternary output' kernels, that have
information-theoretic semi-honest secure 2-party computation protocols. In
particular, we show that there exist simple randomized functions with
ternary output that do not have secure computation protocols. (For
deterministic functions, the smallest output alphabet size of such a
function is 5, due to an example given by Beaver, DIMACS Workshop on Distributed Computing and Cryptography 1989.)
Also, we give a complete combinatorial characterization of randomized
functions that have `2-round' information-theoretic semi-honest secure
2-party computation protocols.
We also give a counter-example to a natural conjecture for the full
characterization, namely, that all securely computable simple functions have secure
protocols with a unique transcript for each output value. This conjecture
is in fact true for deterministic functions, and -- as our results above
show -- for ternary functions and for functions with 2-round secure
protocols.
Private and Oblivious Set and Multiset Operations
Privacy-preserving set operations, and set intersection in particular, are
a popular research topic. Despite a large body of literature, the great
majority of the available solutions are two-party protocols and are not
composable. In this work we design a comprehensive suite of secure
multi-party protocols for set and multiset operations that are
composable, do not assume any knowledge of the sets by the parties
carrying out the secure computation, and can be used for secure
outsourcing. All of our protocols have communication and computation
complexity of for sets or multisets of size , which
compares favorably with prior work. Furthermore, we are not aware of any
results that realize composable operations. Our protocols are secure in
the information theoretic sense and are designed to minimize the round
complexity. Practicality of our solutions is shown through experimental
results.
Complexity-Theoretic Limitations on Blind Delegated Quantum Computation
Blind delegation protocols allow a client to delegate a computation to a
server so that the server learns nothing about the input to the computation
apart from its size. For the specific case of quantum computation we know that
blind delegation protocols can achieve information-theoretic security. In this
paper we prove, provided certain complexity-theoretic conjectures are true,
that the power of information-theoretically secure blind delegation protocols
for quantum computation (ITS-BQC protocols) is in a number of ways constrained.
In the first part of our paper we provide some indication that ITS-BQC
protocols for delegating computations in which the client and the
server interact only classically are unlikely to exist. We first show that
having such a protocol with bits of classical communication implies
that . We conjecture that this
containment is unlikely by providing an oracle relative to which . We then show that if an ITS-BQC protocol
exists with polynomial classical communication and which allows the client to
delegate quantum sampling problems, then there exist non-uniform circuits of
size , making polynomially-sized queries to
an oracle, for computing the permanent of an matrix.
The second part of our paper concerns ITS-BQC protocols in which the client and
the server engage in one round of quantum communication and then exchange
polynomially many classical messages. First, we provide a complexity-theoretic
upper bound on the types of functions that could be delegated in such a
protocol, namely . Then, we show that
having such a protocol for delegating -hard functions implies
.Comment: Improves upon, supersedes and corrects our earlier submission, which
previously included an error in one of the main theorem
Quantum Garbled Circuits
We present a garbling scheme for quantum circuits, thus achieving a
decomposable randomized encoding scheme for quantum computation. Specifically,
we show how to compute an encoding of a given quantum circuit and quantum
input, from which it is possible to derive the output of the computation and
nothing else. In the classical setting, garbled circuits (and randomized
encodings in general) are a versatile cryptographic tool with many applications
such as secure multiparty computation, delegated computation, depth-reduction
of cryptographic primitives, complexity lower-bounds, and more. However, a
quantum analogue for garbling general circuits was not known prior to this
work. We hope that our quantum randomized encoding scheme can similarly be
useful for applications in quantum computing and cryptography.
To illustrate the usefulness of quantum randomized encoding, we use it to
design a conceptually-simple zero-knowledge (ZK) proof system for the
complexity class . Our protocol has the so-called format
with a single-bit challenge, and allows the inputs to be delayed to the last
round. The only previously-known ZK -protocol for is due
to Broadbent and Grilo (FOCS 2020), which does not have the aforementioned
properties.
Comment: 66 pages. Updated the erroneous claim from v1 about the complexity of
information-theoretic QRE as matching the classical case. Added an
application of QRE to zero-knowledge for QM
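The abstract above contrasts its quantum scheme with classical garbled circuits, where an encoding of a circuit and input lets the evaluator derive the output "and nothing else". As an added example that is not code from the paper, the following constructed Python sketch garbles a single classical gate in the Yao style with point-and-permute: each wire gets two random labels, a random permute bit hidden in the label's low bit selects the table row, and each row is the output label one-time-padded under a hash of the two input labels. The evaluator, holding exactly one label per input wire, can open exactly one row and learns the output label without learning which bit either label encodes. The gate id, label length and SHA-256 row key derivation are assumptions of this illustration.

```python
"""Classical Yao-style garbling of one gate with point-and-permute.

Constructed illustration of the classical garbled-circuit primitive the
abstract refers to; not the paper's quantum scheme and not its code."""
import hashlib
import os
from typing import Callable, List, Tuple

LABEL_LEN = 16  # bytes per wire label (illustrative choice)
Wire = Tuple[bytes, bytes]  # (label encoding 0, label encoding 1)


def new_wire() -> Wire:
    """Two random labels whose low bit of the last byte is the select bit.

    A random permute bit p is drawn per wire and the label for value v carries
    p ^ v, so the select bit is uniformly random from the evaluator's view."""
    p = os.urandom(1)[0] & 1
    labels = []
    for v in (0, 1):
        lab = bytearray(os.urandom(LABEL_LEN))
        lab[-1] = (lab[-1] & 0xFE) | (p ^ v)
        labels.append(bytes(lab))
    return labels[0], labels[1]


def select_bit(label: bytes) -> int:
    return label[-1] & 1


def row_pad(gate_id: int, la: bytes, lb: bytes) -> bytes:
    """Row key derived from both input labels and the gate id (hash as random oracle)."""
    return hashlib.sha256(gate_id.to_bytes(4, "big") + la + lb).digest()[:LABEL_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def garble_gate(gate_id: int, wa: Wire, wb: Wire,
                f: Callable[[int, int], int]) -> Tuple[Wire, List[bytes]]:
    """Garbler side: output wire labels plus a 4-row table ordered by select bits."""
    wc = new_wire()
    table: List[bytes] = [b""] * 4
    for va in (0, 1):
        for vb in (0, 1):
            la, lb = wa[va], wb[vb]
            row = 2 * select_bit(la) + select_bit(lb)
            table[row] = xor(wc[f(va, vb)], row_pad(gate_id, la, lb))
    return wc, table


def eval_gate(gate_id: int, la: bytes, lb: bytes, table: List[bytes]) -> bytes:
    """Evaluator side: one label per input wire opens exactly one row."""
    row = 2 * select_bit(la) + select_bit(lb)
    return xor(table[row], row_pad(gate_id, la, lb))


def decode(wc: Wire, label: bytes) -> int:
    """Output decoding information: map an output label back to its bit."""
    if label == wc[0]:
        return 0
    if label == wc[1]:
        return 1
    raise ValueError("not a valid output label")


def check_gate(f: Callable[[int, int], int], gate_id: int = 7) -> bool:
    """Garble f, evaluate on all four inputs, and confirm that only the selected
    row yields a valid output label under the evaluator's two labels."""
    wa, wb = new_wire(), new_wire()
    wc, table = garble_gate(gate_id, wa, wb, f)
    for a in (0, 1):
        for b in (0, 1):
            la, lb = wa[a], wb[b]
            if decode(wc, eval_gate(gate_id, la, lb, table)) != f(a, b):
                return False
            chosen = 2 * select_bit(la) + select_bit(lb)
            for r in range(4):
                if r != chosen and xor(table[r], row_pad(gate_id, la, lb)) in wc:
                    return False
    return True


if __name__ == "__main__":
    print("AND gate garbles correctly:", check_gate(lambda a, b: a & b))
```

Composing gates is a matter of feeding the output labels of one gate in as the input wire of the next; the evaluator never sees both labels of any wire, which is the "nothing else" property the abstract carries over to the quantum setting.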