Privacy in Non-private Environments
We study private computations in information-theoretical settings on networks that are not 2-connected. Non-2-connected networks are “non-private” in the sense that most functions cannot privately be computed on them. We relax the notion of privacy by introducing lossy private protocols, which generalize private protocols. We measure the information each player gains during the computation. Good protocols should minimize the amount of information they lose to the players. Throughout this work, privacy always means 1-privacy, i.e. players are not allowed to share their knowledge. Furthermore, the players are honest but curious, thus they never deviate from the given protocol.
The randomness used by the protocol yields distributions on communication strings for each player and for each input. We define the loss of a protocol to a player as the logarithm of the number of different probability distributions the player can observe. This is justified since we prove that in optimal protocols, the distributions have pairwise disjoint support. Thus, the players can easily distinguish them, and the logarithm of their number is the number of bits the player learns.
The simplest non-2-connected networks consists of two blocks that share one bridge node. We prove that on such networks, communication complexity and the loss of a private protocol are closely related: Up to constant factors, they are the same.
Then we study one-phase protocols, an analogue of one-round communication protocols. In such a protocol each bridge node may communicate with each block only once. We investigate in which order a bridge node should communicate with the blocks to minimize the loss of information. In particular, for symmetric functions it is optimal to sort the components by increasing size. Then we design a one-phase protocol that for symmetric functions simultaneously minimizes the loss at all nodes where the minimum is taken over all one-phase protocols.
Finally, we prove a phase hierarchy. For any k there is a function such that every (k−1)-phase protocol for this function has an information loss that is exponentially greater than that of the best k-phase protocol.
KeywordsPrivate computation Secure multi-party computation Secure function evaluation Communication complexity Graph connectivity Randomness
Unable to display preview. Download preview PDF.
- 4.Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proc. of the 20th Ann. ACM Symp. on Theory of Computing (STOC), pp. 1–10. ACM, New York (1988) Google Scholar
- 5.Berge, C.: Graphs. North-Holland, Amsterdam (1991) Google Scholar
- 7.Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols. In: Proc. of the 20th Ann. ACM Symp. on Theory of Computing (STOC), pp. 11–19. ACM, New York (1988) Google Scholar
- 17.Orlitsky, A., Gamal, A.E.: Communication with secrecy constraints. In: Proc. of the 16th Ann. ACM Symp. on Theory of Computing (STOC), pp. 217–224. ACM, New York (1984) Google Scholar
- 21.Yao, A.C.-C.: Protocols for secure computations. In: Proc. of the 23rd Ann. IEEE Symp. on Foundations of Computer Science (FOCS), pp. 160–164. IEEE Comput. Soc., Los Alamitos (1982) Google Scholar