Communication and Randomness Lower Bounds for Secure Computation

In secure multiparty computation (MPC), mutually distrusting users collaborate to compute a function of their private data without revealing any additional information about their data to the other users. It is known that information-theoretically secure MPC is possible among n users who have access to private randomness and are pairwise connected by secure, noiseless, bidirectional links, against the collusion of fewer than n/2 users in the honest-but-curious model (the threshold is n/3 in the malicious model). Relatively little is known, however, about the communication and randomness complexity of secure computation, i.e., the amount of communication and randomness required to compute securely. In this paper, we employ information-theoretic techniques to obtain lower bounds on the communication and randomness complexity of secure MPC. We restrict ourselves to a concrete interactive setting involving three users, in which all functions are securely computable against corruption of individual users in the honest-but-curious model. We derive lower bounds both for perfect security (i.e., zero error and no leakage of information) and for asymptotic security (where the probability of error and the information leakage vanish as the block length goes to ∞). Our techniques include the use of a data processing inequality for residual information (i.e., the gap between mutual information and Gács-Körner common information), a new information inequality for three-user protocols, and the idea of distribution switching, by which lower bounds computed under certain worst-case scenarios can be shown to apply in the general case. Our lower bounds are shown to be tight for various functions of interest. In particular, we exhibit concrete functions that have communication-ideal protocols, i.e., protocols that achieve the minimum communication simultaneously on all links in the network. We also obtain the first explicit example of a function that incurs a higher communication cost than the input length in the secure computation model of Feige et al. (26th Annual ACM Symposium on Theory of Computing, 1994), who had shown that such functions exist. Finally, we show that our communication bounds imply tight lower bounds on the amount of randomness required by MPC protocols for many interesting functions.
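The abstract's central quantity is residual information, the gap between mutual information I(X;Y) and Gács-Körner common information K(X;Y). The following Python is an added worked example, not code from the paper or its authors: it computes all three quantities for a finite joint pmf, using the standard characterization of K(X;Y) as the entropy of the connected component of the bipartite support graph of p(x, y). The three sample distributions (IDENTICAL, DSBS, TWO_BLOCKS) are constructed here for illustration.

```python
"""Residual information RI(X;Y) = I(X;Y) - K(X;Y) for a finite joint pmf.

K(X;Y) is the Gacs-Korner common information: the entropy of the maximal
common function of X and Y, i.e. the index of the connected component of the
bipartite graph with an edge (x, y) whenever p(x, y) > 0.
"""
import math
from collections import defaultdict
from typing import Dict, Hashable, Iterable, Tuple

JointPMF = Dict[Tuple[Hashable, Hashable], float]  # {(x, y): p(x, y)}


def _entropy(probs: Iterable[float]) -> float:
    """Shannon entropy in bits; zero-probability terms contribute nothing."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def binary_entropy(p: float) -> float:
    """h(p) = -p log p - (1-p) log (1-p), in bits."""
    return _entropy([p, 1.0 - p])


def mutual_information(pxy: JointPMF) -> float:
    """I(X;Y) = H(X) + H(Y) - H(X,Y), in bits."""
    px, py = defaultdict(float), defaultdict(float)
    for (x, y), p in pxy.items():
        px[x] += p
        py[y] += p
    return _entropy(px.values()) + _entropy(py.values()) - _entropy(pxy.values())


def gacs_korner(pxy: JointPMF) -> float:
    """K(X;Y): entropy of the connected component containing (X, Y).

    Nodes are ('x', x) and ('y', y); union-find merges the endpoints of every
    support edge, then the probability mass of each root is tallied.
    """
    parent: Dict[Tuple[str, Hashable], Tuple[str, Hashable]] = {}

    def find(u):
        parent.setdefault(u, u)
        while parent[u] != u:
            parent[u] = parent[parent[u]]  # path halving
            u = parent[u]
        return u

    for (x, y), p in pxy.items():
        if p > 0:
            rx, ry = find(("x", x)), find(("y", y))
            if rx != ry:
                parent[rx] = ry

    mass = defaultdict(float)
    for (x, y), p in pxy.items():
        if p > 0:
            mass[find(("x", x))] += p
    return _entropy(mass.values())


def residual_information(pxy: JointPMF) -> float:
    """RI(X;Y) = I(X;Y) - K(X;Y); always >= 0 since K(X;Y) <= I(X;Y)."""
    return mutual_information(pxy) - gacs_korner(pxy)


# Constructed sample distributions (assumptions for this example only).
# 1. X = Y uniform bit: I = K = 1, so RI = 0.
IDENTICAL: JointPMF = {(0, 0): 0.5, (1, 1): 0.5}
# 2. Doubly symmetric binary source, crossover 1/4: the support graph is a
#    single component, so K = 0 and RI = I = 1 - h(1/4).
DSBS: JointPMF = {(0, 0): 3 / 8, (0, 1): 1 / 8, (1, 0): 1 / 8, (1, 1): 3 / 8}
# 3. X uniform on {0,1,2,3}; Y = X w.p. 3/4, else X xor 1.  The blocks {0,1}
#    and {2,3} are separate components, so K = 1 bit and RI = 1 - h(1/4).
TWO_BLOCKS: JointPMF = {}
for _x in range(4):
    TWO_BLOCKS[(_x, _x)] = 3 / 16
    TWO_BLOCKS[(_x, _x ^ 1)] = 1 / 16

if __name__ == "__main__":
    for name, pmf in [("IDENTICAL", IDENTICAL), ("DSBS", DSBS), ("TWO_BLOCKS", TWO_BLOCKS)]:
        print(f"{name:11s} I={mutual_information(pmf):.4f} "
              f"K={gacs_korner(pmf):.4f} RI={residual_information(pmf):.4f}")
```

The TWO_BLOCKS case is the instructive one: the block index is a function both parties can compute from their own input alone, so it counts toward K(X;Y) and is subtracted out, leaving only the within-block correlation as residual information.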

[1] Eyal Kushilevitz et al., A Communication-Privacy Tradeoff for Modular Addition, Inf. Process. Lett., 1993.

[2] Imre Csiszár et al., Broadcast channels with confidential messages, IEEE Trans. Inf. Theory, 1978.

[3] Giovanni Di Crescenzo et al., Multi-Secret Sharing Schemes, CRYPTO, 1994.

[4] Andrew Chi-Chih Yao et al., How to generate and exchange secrets, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986), 1986.

[5] Stephen Wiesner et al., Conjugate coding, SIGA, 1983.

[6] János Körner et al., How to encode the modulo-two sum of binary sources (Corresp.), IEEE Trans. Inf. Theory, 1979.

[7] Iordanis Kerenidis et al., Lower Bounds on Information Complexity via Zero-Communication Protocols and Applications, SIAM J. Comput., 2012.

[8] Imre Csiszár et al., Information Theory - Coding Theorems for Discrete Memoryless Systems, Second Edition, 2011.

[9] Silvio Micali et al., How to play ANY mental game, STOC, 1987.

[10] Andrew Chi-Chih Yao et al., Protocols for secure computations, FOCS 1982, 1982.

[11] Matthew K. Franklin et al., Communication complexity of secure computation (extended abstract), STOC '92, 1992.

[12] Sanjeev Arora et al., Computational Complexity: A Modern Approach, 2009.

[13] Michael O. Rabin et al., How To Exchange Secrets with Oblivious Transfer, IACR Cryptol. ePrint Arch., 2005.

[14] Joe Kilian et al., Achieving Oblivious Transfer Using Weakened Security Assumptions (Extended Abstract), FOCS 1988, 1988.

[15] David Chaum et al., Multiparty unconditionally secure protocols, STOC '88, 1988.

[16] Andrew Chi-Chih Yao et al., Some complexity questions related to distributive computing (Preliminary Report), STOC, 1979.

[17] Eyal Kushilevitz et al., A Randomness-Rounds Tradeoff in Private Computation, SIAM J. Discret. Math., 1994.

[18] Andrew Chi-Chih Yao et al., Informational complexity and the direct sum problem for simultaneous message complexity, Proceedings 2001 IEEE International Conference on Cluster Computing, 2001.

[19] Eun Jee Lee et al., Two Shannon-type problems on secure multi-party computations, 2014 52nd Annual Allerton Conference on Communication, Control, and Computing (Allerton), 2014.

[20] H. S. Witsenhausen et al., The zero-error side information problem and chromatic numbers (Corresp.), IEEE Trans. Inf. Theory, 1976.

[21] Aaron D. Wyner et al., The rate-distortion function for source coding with side information at the decoder, IEEE Trans. Inf. Theory, 1976.

[22] Moni Naor et al., A Minimal Model for Secure Computation, 2002.

[23] Stefan Wolf et al., New Monotones and Lower Bounds in Unconditional Two-Party Computation, IEEE Transactions on Information Theory, 2008.

[24] Ueli Maurer et al., Secret-key agreement over unauthenticated public channels III: Privacy amplification, IEEE Trans. Inf. Theory, 2003.

[25] Hirosuke Yamamoto et al., Wyner-Ziv theory for a general function of the correlated sources, IEEE Trans. Inf. Theory, 1982.

[26] Randomness in Private Computations, SIAM J., 1997.

[27] Prakash Ishwar et al., Some Results on Distributed Source Coding for Interactive Function Computation, IEEE Transactions on Information Theory, 2011.

[28] Thomas M. Cover et al., Elements of Information Theory, 2005.

[29] Avi Wigderson et al., Completeness theorems for non-cryptographic fault-tolerant distributed computation, STOC '88, 1988.

[30] Oded Goldreich et al., A randomized protocol for signing contracts, CACM, 1985.

[31] Yuval Ishai et al., On the Cryptographic Complexity of the Worst Functions, TCC, 2014.

[32] Vinod M. Prabhakaran et al., How to securely compute the modulo-two sum of binary sources, 2014 IEEE Information Theory Workshop (ITW 2014), 2014.

[33] Silvio Micali et al., Parallel Reducibility for Information-Theoretically Secure Computation, CRYPTO, 2000.

[34] Yuval Ishai et al., Scalable Secure Multiparty Computation, CRYPTO, 2006.

[35] Vinod M. Prabhakaran et al., Assisted Common Information With an Application to Secure Two-Party Sampling, IEEE Transactions on Information Theory, 2014.

[36] Robert M. Gray et al., Coding for noisy channels, 2011.

[37] Prakash Ishwar et al., The Infinite-Message Limit of Two-Terminal Interactive Source Coding, IEEE Transactions on Information Theory, 2009.

[38] Amos Beimel et al., Secret Sharing and Non-Shannon Information Inequalities, IEEE Transactions on Information Theory, 2011.

[39] Moni Naor et al., A minimal model for secure computation (extended abstract), STOC '94, 1994.

[40] Anna Gál et al., Ω(log n) Lower Bounds on the Amount of Randomness in 2-Private Computation, SIAM J. Comput., 2005.

[41] Silvio Micali et al., Lower Bounds for Oblivious Transfer Reductions, EUROCRYPT, 1999.

[42] Yuval Ishai et al., On the Hardness of Information-Theoretic Multiparty Computation, EUROCRYPT, 2004.

[43] Piyush Gupta et al., Interactive Source Coding for Function Computation in Collocated Networks, IEEE Transactions on Information Theory, 2012.

[44] Alon Orlitsky et al., Coding for computing, Proceedings of IEEE 36th Annual Foundations of Computer Science, 1995.

[45] Thomas M. Cover et al., Network Information Theory, 2001.

[46] Noga Alon et al., Source coding and graph entropies, IEEE Trans. Inf. Theory, 1996.

[47] Alfredo De Santis et al., Randomness complexity of private computation, computational complexity, 1999.

[48] Severin Winkler et al., On the Efficiency of Classical and Quantum Oblivious Transfer Reductions, IACR Cryptol. ePrint Arch., 2010.

[49] Eyal Kushilevitz et al., Privacy and communication complexity, 30th Annual Symposium on Foundations of Computer Science, 1989.

[50] A. Razborov, Communication Complexity, 2011.

[51] Abbas El Gamal et al., Network Information Theory, 2021 IEEE 3rd International Conference on Advanced Trends in Information Theory (ATIT), 2021.

[52] A. Yao et al., Fair exchange with a semi-trusted third party (extended abstract), CCS '97, 1997.

[53] Rafail Ostrovsky et al., Characterizing linear size circuits in terms of privacy, STOC '96, 1996.

[54] Ivan Damgård et al., Secure Multiparty Computation and Secret Sharing, 2015.