Randomness Recycling in Constant-Round Private Computations

Blundo, Carlo; Galdi, Clemente; Persiano, Pino

doi:10.1007/3-540-48169-9_10

Cited by 10 publications

(14 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This line of research has received considerable attention in recent years, see e.g. [28,23,26,17,7,8,10,27,5,20]. This study also showed that the randomness complexity of the private computation of a function is related to other complexity measures, such as sensitivity and circuit size [28,26,17,7,27].…”

Section: Introductionmentioning

confidence: 56%

$\Omega(\log n)$ Lower Bounds on the Amount of Randomness in 2-Private Computation

Gál¹,

Rosen

2005

SIAM J. Comput.

View full text Add to dashboard Cite

We consider the amount of randomness necessary in information-theoretic private protocols. We prove that at least Ω(log n) random bits are necessary for the t-private computation of the function xor by n players, for any t ≥ 2. In view of the upper bound of O(t 2 log(n/t)) [23], this bound is tight, up to constant factors, for any fixed t. For a class of protocols obeying certain restrictions, we give a stronger lower bound of Ω(t log(n/t)). We note that all known randomness efficient private protocols designed specifically for xor belong to this class. In fact we prove slightly stronger statements: we prove that on every input there is a run where the number of random bits used is large, rather than only proving that on some input there is a run where the number of random bits used is large. All our lower bounds hold for the "trusted dealer" model as well, and the Ω(t log(n/t)) lower bound for restricted protocols is tight, up to constant factors, for any t ≥ 2 in this model. In comparison, the previous lower bounds on the amount of randomness required by t-private computation of explicit functions did not grow with n for constant values of t, and our results improve the previous lower bounds for xor for any 2 ≤ t = o(log n). Our results also show that already for t = 2, Ω(log n) random bits are necessary, while it is known that for the case of t = 1 a single random bit is sufficient for privately computing xor for any number of players. Our proofs use novel techniques by which we extract random variables from a t-private protocol, and then use the t-privacy property of the protocol to prove properties of these random variables. These properties in turn imply that the number of random bits used by the players is large.

show abstract

Section: Introductionmentioning

confidence: 56%

$\Omega(\log n)$ Lower Bounds on the Amount of Randomness in 2-Private Computation

Gál¹,

Rosen

2005

SIAM J. Comput.

View full text Add to dashboard Cite

show abstract

“…This line of research has received considerable attention in recent years, see e.g. [24,19,22,16,6,7,9,23]. This study also showed that the randomness complexity of the private computation of a function is related to other complexity measures, such as sensitivity and circuit size [24,22,16,6,23].…”

Section: Introductionmentioning

confidence: 60%

“…This study also showed that the randomness complexity of the private computation of a function is related to other complexity measures, such as sensitivity and circuit size [24,22,16,6,23]. The specific function xor (addition modulo 2) was the subject of considerable research in this context due to its being a basic operation and its relative simplicity [24,23,7,19].…”

Section: Introductionmentioning

confidence: 82%

“…Our motivation to consider this class is that all known randomness-efficient protocols designed specifically for xor obey this restriction [24,19,23,7]. Informally one can describe the protocols of this class in the following way.…”

Section: Restricted Protocolsmentioning

confidence: 99%

“…All known randomness-efficient private protocols designed specifically for the function xor [24,19,23,7] are built in the following special way. They are based on a deterministic, non-private, protocol for xor.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Lower bounds on the amount of randomness in private computation

Gál

Rosen

2003

Proceedings of the Thirty-Fifth Annual ACM Symposium on Theory of Computing

View full text Add to dashboard Cite

We consider the amount of randomness necessary in information-theoretic private protocols. We prove that at least Ω(log n) random bits are necessary for the t-private computation of the function xor by n players, for any t ≥ 2. In view of the upper bound of O(t 2 log(n/t)) [19], this bound is tight, up to constant factors, for any fixed t. For a class of protocols obeying certain restrictions, we give stronger lower bounds of Ω(t log(n/t)). We note that all known randomness efficient private protocols designed specifically for xor belong to this class. All our lower bounds hold for the "trusted dealer" model as well, and the Ω(t log(n/t)) lower bound for restricted protocols is tight, up to constant factors, for any t ≥ 2 in this model.In comparison, the previous lower bounds on the amount of randomness required by t-private computation of explicit functions did not grow with n for constant values of t, and our results improve the previous lower bounds for xor for any 2 ≤ t = o(log n). Our results also show that already for t = 2, Ω(log n) random bits are necessary, while it is known that for the case of t = 1 a single random bit is sufficient for privately computing xor for any number of players.Our proofs use novel techniques by which we extract random variables from a t-private protocol, and then use the tprivacy property of the protocol to prove properties of these random variables. These properties in turn imply that the number of random bits used by the players is large.

show abstract

Lower and Upper Bounds on the Randomness Complexity of Private Computations of AND

Kushilevitz

Ostrovsky

Prouff

et al. 2019

Theory of Cryptography

View full text Add to dashboard Cite

We consider multi-party information-theoretic private protocols, and specifically their randomness complexity. The randomness complexity of private protocols is of interest both because random bits are considered a scarce resource, and because of the relation between that complexity measure and other complexity measures of boolean functions such as the circuit size or the sensitivity of the function being computed [17,12]. More concretely, we consider the randomness complexity of the basic boolean function and, that serves as a building block in the design of many private protocols. We show that and cannot be privately computed using a single random bit, thus giving the first non-trivial lower bound on the 1-private randomness complexity of an explicit boolean function, f : {0, 1} n → {0, 1}. We further show that the function and, on any number of inputs n (one input bit per player), can be privately computed using 8 random bits (and 7 random bits in the special case of n = 3 players), improving the upper bound of 73 random bits implicit in [17]. Together with our lower bound, we thus approach the exact determination of the randomness complexity of and. To the best of our knowledge, the exact randomness complexity of private computation is not known for any Research of E.

show abstract

Randomness Recycling in Constant-Round Private Computations

Cited by 10 publications

References 11 publications

$\Omega(\log n)$ Lower Bounds on the Amount of Randomness in 2-Private Computation

$\Omega(\log n)$ Lower Bounds on the Amount of Randomness in 2-Private Computation

Lower bounds on the amount of randomness in private computation

Lower and Upper Bounds on the Randomness Complexity of Private Computations of AND

Contact Info

Product

Resources

About