## Abstract.

We consider the problem of *n* honest but curious players with private inputs \( x_1,\ldots,x_n, \) who wish to compute the value of a fixed function \( {\cal F}(x_1,\ldots,x_n) \) in such way that at the end of the protocol every player knows the value \( {\cal F}(x_1,\ldots,x_n) \). Each pair of players is connected by a secure point-to-point communication channel. The players have unbounded computational resources and they intend to compute \( {\cal F} \) in a *t*-private way. That is, after the execution of the protocol, no coalition of size at most \( t \le n - 1 \) can get any information about the inputs of the remaining players other than what can be deduced from their own inputs and the value of \( \cal F \).¶ We study the amount of randomness needed in *t*-private protocols. We prove a lower bound on the randomness complexity of any *t*-private protocol to compute a function with sensitivity *n*. As a corollary, we obtain that when the private inputs are uniformly distributed, at least *k*(*n*—1)(*n*—2)/2 random bits are needed to compute the sum modulo 2^{ k } of *n* *k*-bit integers in an (*n*—2)-private way. This result is tight as there are protocols for this problem that use *exactly* this number of random bits.

## Preview

Unable to display preview. Download preview PDF.