Consider the representative task of designing a distributed coin-tossing protocol for $n$ processors such that the probability of heads is $X_0 \in [0, 1]$, and an adversary can reset one processor to change the distribution of the final outcome. For $X_0 = 1/2$, in the non-cryptographic setting, no adversary can deviate the probability of the outcome of the well-known Blum's "majority protocol" by more than $\frac{1}{\sqrt{2\pi n}}$, i.e., it is $\frac{1}{\sqrt{2\pi n}}$ insecure. For computationally bounded adversaries and any $X_0 \in [0, 1]$, the protocol of Moran, Naor, and Segev (2009) is only $O\left(\frac{1}{n}\right)$ insecure. In this paper, we study discrete-time martingales $(X_0, X_1, \ldots, X_n)$ such that $X_i \in [0, 1]$, for all $i \in \{0, \ldots, n\}$, and $X_n \in \{0, 1\}$. These martingales are commonplace in modeling stochastic processes like coin-tossing protocols in the non-cryptographic setting mentioned above. In particular, for any $X_0 \in [0, 1]$, we construct martingales that yield $\frac{1}{2}\sqrt{\frac{X_0(1-X_0)}{n}}$ insecure coin-tossing protocols with $n$-bit communication, irrespective of the number of bits required to represent the output distribution. Note that for sufficiently small $X_0$, we achieve higher security than Moran et al.'s protocol even against computationally unbounded adversaries. For $X_0 = 1/2$, our protocol requires only 40% of the processors to achieve the same security as the majority protocol. The technical heart of our paper is a new inductive technique that uses geometric transformations to precisely account for the large gaps in these martingales. For any $X_0 \in [0, 1]$, we show that there exists a stopping time $\tau$ such that The inductive technique simultaneously constructs martingales that demonstrate the optimality of our bound, i.e., a martingale where the gap corresponding to any stopping time is small. In particular, we construct optimal martingales such that any stopping time $\tau$ has Our lower-bound holds for all $X_0 \in [0, 1]$; while the previous bound of Cleve and Impagliazzo (1993) exists only for positive constant $X_0$.
Conceptually, our approach only employs elementary techniques to analyze these martingales and entirely circumvents the complex probabilistic tools inherent to the approaches of Cleve and Impagliazzo (1993) and Beimel, Haitner, Makriyannis, and Omri (2018). By appropriately restricting the set of possible stopping-times, we present representative applications to constructing distributed coin-tossing/dice-rolling protocols, discrete control processes, fail-stop attacking coin-tossing/dice-rolling protocols, and black-box separations.
ACM Subject Classification: Mathematics of computing → Markov processes; Security and privacy → Information-theoretic techniques; Security and privacy → Mathematical foundations of cryptography
Estimating Gaps in Martingales and Applications to Coin-Tossing: Constructions & Hardness
Differential privacy and sublinear algorithms are both rapidly emerging algorithmic themes in times of big data analysis. Although recent works have shown the existence of differentially private sublinear algorithms for many problems including graph parameter estimation and clustering, little is known regarding hardness results on these algorithms. In this paper, we initiate the study of lower bounds for problems that aim for both differentially-private and sublinear-time algorithms. Our main result is the incompatibility of both the desiderata in the general case. In particular, we prove that a simple problem based on one-way marginals yields both a differentially-private algorithm, as well as a sublinear-time algorithm, but does not admit a "strictly" sublinear-time algorithm that is also differentially private.
In the increasingly connected world, cyber-physical systems (CPS) have been quickly adapted in many application domains, such as smart grids or healthcare. There will be more and more highly sensitive data important to the users being collected and processed in the cloud computing environments. Homomorphic Encryption (HE) offers a potential solution to safeguard privacy through cryptographic means while allowing the service providers to perform computations on the encrypted data. Throughout the process, only authorized users have access to the unencrypted data. In this paper, we provide an overview of three recent HE schemes, analyze the new optimization techniques, conduct performance evaluation, and share lessons learnt from the process of implementing these schemes. Our experiments indicate that the YASHE scheme outperforms the other two schemes we studied. The findings of this study can help others to identify a suitable HE scheme for developing solutions to safeguard private data generated or consumed by CPS.