A zero-one law for Boolean privacy

A Boolean function ƒ: A<subscrpt>1</subscrpt> X A<subscrpt>2</subscrpt> X … X A<subscrpt><italic>n</italic></subscrpt> → {0,1} is <italic>t</italic> - private if there exists a protocol for computing ƒ so that no coalition of size ≤ <italic>t</italic> can infer any additional information from the execution, other than the value of the function. We show that ƒ is ⌈<italic>n</italic>/2⌉ - private if and only if it can be represented as ƒ (<italic>x</italic><subscrpt>1</subscrpt>, <italic>x</italic><subscrpt>2</subscrpt>, …, <italic>x</italic><subscrpt><italic>n</italic></subscrpt>) = ƒ (<italic>x</italic><subscrpt>1</subscrpt>) ⊕ ƒ<subscrpt>2</subscrpt>(<italic>x</italic><subscrpt>2</subscrpt>) ⊕ … ⊕ ƒ<subscrpt><italic>n</italic></subscrpt> (<italic>x</italic><subscrpt><italic>n</italic></subscrpt>, where the ƒ<subscrpt><italic>i</italic></subscrpt> are arbitrary Boolean functions. It follows that if ƒ is ⌈<italic>n</italic>/2⌉ - private, then it is also <italic>n</italic> - private. Combining this with a result of Ben-Or, Goldwasser, and Wigderson, we derive an interesting “zero-one” law for private distributed computation of Boolean functions: Every Boolean function defined over a finite domain is either <italic>n</italic> - private, or it is ⌈<italic>n</italic>-1/2⌉ - private but not ⌈<italic>n</italic>/2⌉ - private. We also investigate a weaker notion of privacy, where (a) coalitions are allowed to infer a limited amount of additional information, and (b) there is a probability of error in the final output of the protocol. We show that the same characterization of ⌈<italic>n</italic>/2⌉ - private Boolean functions holds, even under these weaker requirements. In particular, this implies that for Boolean functions, the strong and the weak notions of privacy are equivalent.