Ran Gelles
ABSTRACT
Consider two parties Alice and Bob, who hold private inputs x and y, and wish to compute a function f(x, y) privately in the information theoretic sense; that is, each party should learn nothing beyond f(x, y). However, the communication channel available to them is noisy. This means that the channel can introduce errors in the transmission between the two parties. Moreover, the channel is adversarial in the sense that it knows the protocol that Alice and Bob are running, and maliciously introduces errors to disrupt the communication, subject to some bound on the total number of errors. A fundamental question in this setting is to design a protocol that remains private in the presence of large number of errors.
If Alice and Bob are only interested in computing f(x, y) correctly, and not privately, then quite robust protocols are known that can tolerate a constant fraction of errors. However, none of these solutions is applicable in the setting of privacy, as they inherently leak information about the parties' inputs. This leads to the question whether we can simultaneously achieve privacy and error-resilience against a constant fraction of errors.
We show that privacy and error-resilience are contradictory goals. In particular, we show that for every constant c > 0, there exists a function f which is privately computable in the error-less setting, but for which no private and correct protocol is resilient against a c-fraction of errors. The same impossibility holds also for sub-constant noise rate, e.g., when c is exponentially small (as a function of the input size).
- D. Beaver. Perfect privacy for two-party protocols. Proceedings of DIMACS Workshop on Distributed Computing and Cryptography, vol. 2, pp. 65--77. 1991.Google Scholar
Cross Ref
- Z. Brakerski and Y. T. Kalai. Efficient interactive coding against adversarial noise. FOCS '12, pp. 160--166. 2012. Google ScholarDigital Library
- Z. Brakerski and M. Naor. Fast algorithms for interactive coding. SODA '13, pp. 443--456. 2013.Google ScholarDigital Library
- M. Braverman and A. Rao. Towards coding for maximum errors in interactive communication. STOC '11, pp. 159--166. 2011. Google ScholarDigital Library
- C. Crépeau and J. Kilian. Achieving oblivious transfer using weakened security assumptions. FOCS '88, pp. 42--52. 1988. Google ScholarDigital Library
- B. Chor and E. Kushilevitz. A zero-one law for boolean privacy. SIAM Journal on Discrete Mathematics, 4(1):36--47, 1991. Google ScholarDigital Library
- K.-M. Chung, R. Pass, and S. Telang. Knowledge-preserving interactive coding. FOCS '13, pp. 449--458. 2013.Google ScholarDigital Library
- I. Damgård, S. Fehr, K. Morozov, and L. Salvail. Unfair noisy channels and oblivious transfer. M. Naor, ed., Theory of Cryptography, LNCS, vol. 2951, pp. 355--373. Springer Berlin, 2004.Google Scholar
- M. Franklin, R. Gelles, R. Ostrovsky, and L. J. Schulman. Optimal coding for streaming authentication and interactive communication. R. Canetti and J. A. Garay, eds., Advances in Cryptology - CRYPTO 2013, LNCS, vol. 8043. Springer Berlin, 2013.Google ScholarCross Ref
- R. Gelles, A. Moitra, and A. Sahai. Efficient and explicit coding for interactive communication. FOCS '11, pp. 768--777. 2011. Google ScholarDigital Library
- R. Gelles, A. Sahai, and A. Wadia. Private interactive communication across an adversarial channel. Cryptology ePrint Archive, Report 2013/259, 2013.Google Scholar
- J. Kilian. Founding crytpography on oblivious transfer. STOC '88, pp. 20--31. 1988. Google ScholarDigital Library
- E. Kushilevitz. Privacy and communication complexity. FOCS '89, pp. 416--421. IEEE Computer Society, 1989. Google ScholarDigital Library
- E. Kushilevitz. Privacy and communication complexity. SIAM Journal on Discrete Mathematics, 5(2):273--284, 1992. Google ScholarDigital Library
- H. K. Maji, M. Prabhakaran, and M. Rosulek. Complexity of multi-party computation problems: The case of 2-party symmetric secure function evaluation. O. Reingold, ed., Theory of Cryptography, LNCS, vol. 5444, pp. 256--273. Springer Berlin, 2009. Google ScholarDigital Library
- S. Rajagopalan and L. Schulman. A coding theorem for distributed computation. STOC '94, pp. 790--799. 1994. Google ScholarDigital Library
- L. J. Schulman. Deterministic coding for interactive communication. STOC '93, pp. 747--756. 1993. Google ScholarDigital Library
- L. J. Schulman. Coding for interactive communication. IEEE Transactions on Information Theory, 42(6):1745--1756, 1996. Google ScholarDigital Library
- C. E. Shannon. A mathematical theory of communication. ACM SIGMOBILE Mobile Computing and Communications Review, 5(1):3--55, 2001. Originally appeared in Bell System Tech. J. 27:379--423, 623--656, 1948. Google ScholarDigital Library
- W. Vickrey. Counterspeculation, auctions, and competitive sealed tenders. The Journal of Finance, 16(1):8--37, 1961.Google ScholarCross Ref
Index Terms
- Private interactive communication across an adversarial channel
Recommendations
Private Interactive Communication Across an Adversarial Channel
Consider two parties, Alice and Bob, who hold private inputs x and y, and wish to compute a function f (x, y) privately in the information theoretic sense; that is, each party should learn nothing beyond f (x, y). However, the communication channel ...
Maximal Noise in Interactive Communication over Erasure Channels and Channels with Feedback
ITCS '15: Proceedings of the 2015 Conference on Innovations in Theoretical Computer ScienceWe provide tight upper and lower bounds on the noise resilience of interactive communication over noisy channels with feedback. In this setting, we show that the maximal fraction of noise that any robust protocol can resist is 1/3. Additionally, we ...
Constant-rate coding for multiparty interactive communication is impossible
STOC '16: Proceedings of the forty-eighth annual ACM symposium on Theory of ComputingWe study coding schemes for multiparty interactive communication over synchronous networks that suffer from stochastic noise, where each bit is independently flipped with probability ε. We analyze the minimal overhead that must be added by the coding ...
Comments