Assisted Common Information: Further Results
We presented assisted common information as a generalization of
Gács-Körner (GK) common information at ISIT 2010. The motivation for our
formulation was to improve upper bounds on the efficiency of protocols for
secure two-party sampling (which is a form of secure multi-party computation).
Our upper bound was based on a monotonicity property of a rate region (called
the assisted residual information region) associated with the assisted common
information formulation. In this note we present further results. We explore
the connection of assisted common information with the Gray-Wyner system. We
show that the assisted residual information region and the Gray-Wyner region
are connected by a simple relationship: the assisted residual information
region is the increasing hull of the Gray-Wyner region under an affine map.
Several known relationships between GK common information and the Gray-Wyner system
fall out as consequences of this. Quantities which arise in other source coding
contexts acquire new interpretations. In previous work we showed that assisted
common information can be used to derive upper bounds on the rate at which a
pair of parties can securely sample correlated random variables, given
correlated random variables from another distribution. Here we present an
example where the bound derived using assisted common information is much
better than previously known bounds, and in fact is tight. This example
considers correlated random variables defined in terms of standard variants of
oblivious transfer, and is interesting on its own as it answers a natural
question about these cryptographic primitives.
Comment: 8 pages, 3 figures, 1 appendix; to be presented at the IEEE
International Symposium on Information Theory, 201
New Notions of Security: Achieving Universal Composability without Trusted Setup
We propose a modification to the framework of Universally Composable (UC) security [3]. Our new notion involves comparing the protocol executions with an ideal execution involving ideal functionalities (just as in UC security), but allowing the environment and adversary access to some super-polynomial computational power. We argue the meaningfulness of the new notion, which in particular subsumes many of the traditional notions of security. We generalize the Universal Composition theorem of [3] to the new setting. Then, under new computational assumptions, we realize secure multi-party computation (for static adversaries) without a common reference string or any other set-up assumptions, in the new framework. This is known to be impossible under the UC framework.
The Oblivious Transfer Capacity of the Wiretapped Binary Erasure Channel
We consider oblivious transfer between Alice and Bob in the presence of an
eavesdropper Eve when there is a broadcast channel from Alice to Bob and Eve.
In addition to the secrecy constraints of Alice and Bob, Eve should not learn
the private data of Alice and Bob. When the broadcast channel consists of two
independent binary erasure channels, we derive the oblivious transfer capacity
for both 2-privacy (where the eavesdropper may collude with either party) and
1-privacy (where there are no collusions).
Comment: This is an extended version of the paper "The Oblivious Transfer
Capacity of the Wiretapped Binary Erasure Channel" to be presented at ISIT
201
How to Securely Compute the Modulo-Two Sum of Binary Sources
In secure multiparty computation, mutually distrusting users in a network
want to collaborate to compute functions of data which is distributed among the
users. The users should not learn any additional information about the data of
others than what they may infer from their own data and the functions they are
computing. Previous works have mostly considered the worst case context (i.e.,
without assuming any distribution for the data); Lee and Abbe (2014) is a
notable exception. Here, we study the average case (i.e., we work with a
distribution on the data) where correctness and privacy are only desired
asymptotically.
For concreteness and simplicity, we consider a secure version of the function
computation problem of Körner and Marton (1979) where two users observe a
doubly symmetric binary source with parameter p and the third user wants to
compute the XOR. We show that the amount of communication and randomness
resources required depends on the level of correctness desired. When zero-error
and perfect privacy are required, the results of Data et al. (2014) show that
it can be achieved if and only if a total rate of 1 bit is communicated between
every pair of users and private randomness at the rate of 1 is used up. In
contrast, we show here that, if we only want the probability of error to vanish
asymptotically in block length, it can be achieved by a lower rate (binary
entropy of p) for all the links and for private randomness; this also
guarantees perfect privacy. We also show that no smaller rates are possible
even if privacy is only required asymptotically.
Comment: 6 pages, 1 figure, extended version of submission to IEEE Information
Theory Workshop, 201