A Boolean function ƒ: A<subscrpt>1</subscrpt> X A<subscrpt>2</subscrpt> X … X A<subscrpt><italic>n</italic></subscrpt> → {0,1} is <italic>t</italic> - private if there exists a protocol for computing ƒ so that no coalition of size ≤ <italic>t</italic> can infer any additional information from the execution, other than the value of the function. We show that ƒ is ⌈<italic>n</italic>/2⌉ - private if and only if it can be represented as ƒ (<italic>x</italic><subscrpt>1</subscrpt>, <italic>x</italic><subscrpt>2</subscrpt>, …, <italic>x</italic><subscrpt><italic>n</italic></subscrpt>) = ƒ (<italic>x</italic><subscrpt>1</subscrpt>) ⊕ ƒ<subscrpt>2</subscrpt>(<italic>x</italic><subscrpt>2</subscrpt>) ⊕ … ⊕ ƒ<subscrpt><italic>n</italic></subscrpt> (<italic>x</italic><subscrpt><italic>n</italic></subscrpt>, where the ƒ<subscrpt><italic>i</italic></subscrpt> are arbitrary Boolean functions. It follows that if ƒ is ⌈<italic>n</italic>/2⌉ - private, then it is also <italic>n</italic> - private. Combining this with a result of Ben-Or, Goldwasser, and Wigderson, we derive an interesting “zero-one” law for private distributed computation of Boolean functions: Every Boolean function defined over a finite domain is either <italic>n</italic> - private, or it is ⌈<italic>n</italic>-1/2⌉ - private but not ⌈<italic>n</italic>/2⌉ - private.
We also investigate a weaker notion of privacy, where (a) coalitions are allowed to infer a limited amount of additional information, and (b) there is a probability of error in the final output of the protocol. We show that the same characterization of ⌈<italic>n</italic>/2⌉ - private Boolean functions holds, even under these weaker requirements. In particular, this implies that for Boolean functions, the strong and the weak notions of privacy are equivalent.
[1]
Janos Simon,et al.
Probabilistic Communication Complexity
,
1986,
J. Comput. Syst. Sci..
[2]
A. Yao,et al.
Fair exchange with a semi-trusted third party (extended abstract)
,
1997,
CCS '97.
[3]
Josh Benaloh,et al.
Secret Sharing Homomorphisms: Keeping Shares of A Secret Sharing
,
1986,
CRYPTO.
[4]
Silvio Micali,et al.
How to play ANY mental game
,
1987,
STOC.
[5]
Avi Wigderson,et al.
Completeness theorems for non-cryptographic fault-tolerant distributed computation
,
1988,
STOC '88.
[6]
David Chaum,et al.
Multiparty unconditionally secure protocols
,
1988,
STOC '88.