Placing Conditional Disclosure of Secrets in the Communication Complexity Universe

In the conditional disclosure of secrets (CDS) problem (Gertner et al., J. Comput. Syst. Sci., 2000) Alice and Bob, who hold n-bit inputs x and y respectively, wish to release a common secret z to Carol (who knows both x and y) if and only if the input (x, y) satisfies some predefined predicate f. Alice and Bob are allowed to send a single message to Carol which may depend on their inputs and some shared randomness, and the goal is to minimize the communication complexity while providing information-theoretic security. Despite the growing interest in this model, very few lower-bounds are known. In this paper, we relate the CDS complexity of a predicate f to its communication complexity under various communication games. For several basic predicates our results yield tight, or almost tight, lower-bounds of Ω(n) or Ω(n1− ), providing an exponential improvement over previous logarithmic lower-bounds. We also define new communication complexity classes that correspond to different variants of the CDS model and study the relations between them and their complements. Notably, we show that allowing for imperfect correctness can significantly reduce communication – a seemingly new phenomenon in the context of information-theoretic cryptography. Finally, our results show that proving explicit super-logarithmic lower-bounds for imperfect CDS protocols is a necessary step towards proving explicit lower-bounds against the class AM, or even AM ∩ coAM – a well known open problem in the theory of communication complexity. Thus imperfect CDS forms a new minimal class which is placed just beyond the boundaries of the “civilized” part of the communication complexity world for which explicit lower-bounds are known.

2012 ACM Subject Classification: Theory of computation → Communication complexity, Theory of computation → Cryptographic protocols
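To make the CDS model concrete, here is an added example (not taken from the paper): a standard one-bit linear CDS protocol over GF(2) for the equality predicate f(x, y) = [x = y], with an exhaustive check of correctness and perfect privacy against a Carol who knows x and y. The function names and the choice of equality as the predicate are assumptions made for illustration.

```python
import itertools
from collections import Counter

def inner(r, v):
    """Inner product <r, v> over GF(2)."""
    return sum(ri & vi for ri, vi in zip(r, v)) % 2

def alice(x, z, r, s):
    """Alice's single message: <r, x> + s + z (mod 2)."""
    return (inner(r, x) + s + z) % 2

def bob(y, r, s):
    """Bob's single message: <r, y> + s (mod 2)."""
    return (inner(r, y) + s) % 2

def carol(m_a, m_b):
    """Carol's decoder: when x == y both masks cancel and z remains."""
    return m_a ^ m_b

def message_distribution(x, y, z):
    """Distribution of (m_a, m_b) over all shared randomness (r, s)."""
    dist = Counter()
    for r in itertools.product((0, 1), repeat=len(x)):
        for s in (0, 1):
            dist[(alice(x, z, r, s), bob(y, r, s))] += 1
    return dist

def check_cds(n):
    """Exhaustively verify the protocol on all pairs of n-bit inputs."""
    inputs = list(itertools.product((0, 1), repeat=n))
    for x, y in itertools.product(inputs, repeat=2):
        d0 = message_distribution(x, y, 0)
        d1 = message_distribution(x, y, 1)
        if x == y:
            # Correctness: every transcript decodes to the secret.
            for z, dist in ((0, d0), (1, d1)):
                if any(carol(a, b) != z for a, b in dist):
                    return False
        elif d0 != d1:
            # Privacy: for x != y the transcript must not depend on z.
            return False
    return True

if __name__ == "__main__":
    print("CDS for equality verified on 3-bit inputs:", check_cds(3))
```

The extra mask s matters: without it, inputs such as y = 0 and x ≠ 0 would let Carol read z + <r, x> alongside the constant <r, y> = 0, which is still hidden, but the joint distribution argument would then depend on x and y being linearly independent; s makes Bob's message uniform for every y.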
