On the Communication Complexity of Secure Computation

Information theoretically secure multi-party computation (MPC) is a central primitive of modern cryptography. However, relatively little is known about the communication complexity of this primitive. In this work, we develop powerful information theoretic tools to prove lower bounds on the communication complexity of MPC. We restrict ourselves to a 3-party setting in order to bring out the power of these tools without introducing too many complications. Our techniques include the use of a data processing inequality for residual information - i.e., the gap between mutual information and G\'acs-K\"orner common information, a new information inequality for 3-party protocols, and the idea of distribution switching by which lower bounds computed under certain worst-case scenarios can be shown to apply for the general case. Using these techniques we obtain tight bounds on communication complexity by MPC protocols for various interesting functions. In particular, we show concrete functions that have "communication-ideal" protocols, which achieve the minimum communication simultaneously on all links in the network. Also, we obtain the first explicit example of a function that incurs a higher communication cost than the input length in the secure computation model of Feige, Kilian and Naor (1994), who had shown that such functions exist. We also show that our communication bounds imply tight lower bounds on the amount of randomness required by MPC protocols for many interesting functions.Comment: 37 page

Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization

We introduce explicit schemes based on the polarization phenomenon for the tasks of one-way secret key agreement from common randomness and private channel coding. For the former task, we show how to use common randomness and insecure one-way communication to obtain a strongly secure key such that the key construction has a complexity essentially linear in the blocklength and the rate at which the key is produced is optimal, i.e., equal to the one-way secret-key rate. For the latter task, we present a private channel coding scheme that achieves the secrecy capacity using the condition of strong secrecy and whose encoding and decoding complexity are again essentially linear in the blocklength.Comment: 18.1 pages, 2 figures, 2 table

Quantum state merging and negative information

We consider a quantum state shared between many distant locations, and define a quantum information processing primitive, state merging, that optimally merges the state into one location. As announced in [Horodecki, Oppenheim, Winter, Nature 436, 673 (2005)], the optimal entanglement cost of this task is the conditional entropy if classical communication is free. Since this quantity can be negative, and the state merging rate measures partial quantum information, we find that quantum information can be negative. The classical communication rate also has a minimum rate: a certain quantum mutual information. State merging enabled one to solve a number of open problems: distributed quantum data compression, quantum coding with side information at the decoder and sender, multi-party entanglement of assistance, and the capacity of the quantum multiple access channel. It also provides an operational proof of strong subadditivity. Here, we give precise definitions and prove these results rigorously.Comment: 23 pages, 3 figure

Precise evaluation of leaked information with universal2 privacy amplification in the presence of quantum attacker

We treat secret key extraction when the eavesdropper has correlated quantum states. We propose quantum privacy amplification theorems different from Renner's, which are based on quantum conditional R\'{e}nyi entropy of order 1+s. Using those theorems, we derive an exponential decreasing rate for leaked information and the asymptotic equivocation rate, which have not been derived hitherto in the quantum setting