Towards a Reverse Newman’s Theorem in Interactive Information Complexity
 1.3k Downloads
 1 Citations
Abstract
Newman’s theorem states that we can take any publiccoin communication protocol and convert it into one that uses only private randomness with but a little increase in communication complexity. We consider a reversed scenario in the context of information complexity: can we take a protocol that uses private randomness and convert it into one that only uses public randomness while preserving the information revealed to each player? We prove that the answer is yes, at least for protocols that use a bounded number of rounds. As an application, we prove new directsum theorems through the compression of interactive communication in the boundedround setting. To obtain this application, we prove a new oneshot variant of the Slepian–Wolf coding theorem, interesting in its own right. Furthermore, we show that if a Reverse Newman’s Theorem can be proven in full generality, then full compression of interactive communication and fullygeneral directsum theorems will result.
Keywords
Communication complexity Information complexity Information theory Compression Slepian–Wolf1 Introduction
Information cost was introduced by a series of papers [1, 6, 8, 9, 13] as a complexity measure for twoplayer communication protocols. Internal information cost measures the amount of information that each player learns about the input of the other player while executing a given protocol. In the usual setting of communication complexity we have two players, Alice and Bob, each having an input x and y, respectively. Their goal is to determine the value f(x, y) for some predetermined function f. They achieve the goal by communicating to each other some amount of information about their inputs according to some protocol.
The usual measure considered in this setting is the number of bits exchanged by Alice and Bob, whereas the internal information cost measures the amount of information transferred between the players during the communication. Clearly, the amount of information is upper bounded by the number of bits exchanged but not vice versa. There might be a lengthy protocol (say even of exponential size) that reveals very little information about the players’ inputs.
In recent years, a substantial research effort was devoted to proving the converse relationship between the information cost and the length of protocols, i.e., to proving that a protocol which reveals only I bits of information can be simulated by a different protocol which communicates only (roughly) I bits. Such results are known as compression theorems. Barak et al. [1] prove that a protocol that communicates C bits and has internal information cost I can be replaced by another protocol that communicates \(O(\sqrt{I \cdot C} \log C)\) bits. For the case when the inputs of Alice and Bob are sampled from independent distributions they also obtain a protocol that communicates \(O(I \cdot \mathop { polylog} C)\) bits. These conversions do not preserve the number of rounds. In a follow up paper [6] consider a bounded round setting and give a technique that converts the original qround protocol into a protocol with \(O(q \cdot \log I)\) rounds that communicates \(O(I + q\log \frac{q}{\varepsilon })\) bits with additional error \(\varepsilon \).
All known compression theorems are in the randomized setting. We distinguish two types of randomness—public and private. Public random bits are seen by both communicating players, and both players can take actions based on these bits. Private random bits are seen only by one of the parties, either Alice or Bob. We use publiccoin (privatecoin) to denote protocols that use only public (private) randomness. If a protocol uses both public and private randomness, we call it a mixedcoin protocol.
Simulating a privatecoin protocol using public randomness is straightforward: Alice views a part of the public random bits as her private random bits, Bob does the same using some other portion of the public bits, and they communicate according to the original privatecoin protocol. This new protocol communicates the same number of bits as the original protocol and computes the same function. In the other direction, an efficient simulation of a publiccoin protocol using private randomness is provided by Newman’s Theorem [16]. Sending over Alice’s private random bits to make them public could in general be costly as they may need, e.g., polynomially many public random bits, but Newman showed that it suffices for Alice to transfer only \(O(\log n + \log \frac{1}{\delta })\) random bits to be able to simulate the original publiccoin protocol, up to an additional error of \(\delta \).
In the setting of information cost the situation is quite the opposite. Simulating public randomness by private randomness is straightforward: one of the players sends a part of his private random bits to the other player and then they run the original protocol using these bits as the public randomness. Since the random bits contain no information about either input, this simulation reveals no additional information about the inputs; thus the information cost of the protocol stays the same. This is despite the fact that the new protocol may communicate many more bits than the original one.
However, the conversion of a privaterandomness protocol into a publicrandomness protocol seems significantly harder. For instance, consider a protocol in which in the first round Alice sends to Bob her input x bitwise XORed with her private randomness. Such a message does not reveal any information to Bob about Alice’s input—as from Bob’s perspective he observes a random string—but were Alice to reveal her private randomness to Bob, he would learn her complete input x. This illustrates the difficulty in converting private randomness into public.
We will generally call “Reverse Newman’s Theorem” (RNT) a result that makes randomness public in an interactive protocol without revealing more information. This paper is devoted to attacking the following:
RNT Question Can we take a privatecoin protocol with information cost I and convert it into a publiccoin protocol with the same behavior and information cost \(\tilde{O}(I)\)?
Interestingly, the known compression theorems [1, 6, 12] give compressed protocols that use only public randomness, and hence as a byproduct they give a conversion of privaterandomness protocols into publicrandomness equivalents. However, the parameters of this conversion are far from the desired ones.^{1} In Sect. 4 we show that the RNT question represents the core difficulty in proving full compression theorems; namely, we will prove that any publiccoin protocol that reveals I bits of information can already be compressed to a protocol that uses \(\tilde{O}(I)\) bits of communication, and hence a fully general RNT would result in fully general compression results, together with the directsum results that would follow as a consequence. This was discovered independently by Denis Pankratov, who in his MSc thesis [17] extended the analysis of the [1] compression schemes to show that they achieve full compression in the case when only public randomness is used. Our compression scheme is similar but slightly different: we discovered it originally while studying the compression problem in a Kolmogorov complexity setting (as in [4]), and our proof for the Shannon setting arises from the proper “translation” of this proof; we include it for completeness and because we think it makes for a more elementary proof.
Main contributions Our main contribution is a Reverse Newman’s Theorem in the boundedround scenario. We will show that any qround privatecoin protocol can be converted to an O(q)round publiccoin protocol that reveals only additional \(\tilde{O}(q)\) bits of information (Theorem 1). Our techniques are new and interesting. Our main technical tool is a conversion of one round privaterandomness protocols into one round publicrandomness protocols. This conversion proceeds in two main steps. After discretizing the protocol so that the private randomness is sampled uniformly from some finite domain, we convert the protocol into what we call a 1–1 protocol, which is a protocol having the property that for each input and each message there is at most one choice of private random bits that will lead the players to send that message. We show that such a conversion can be done without revealing too much extra information. In the second step we take any 1–1 protocol and convert it into a publiccoin protocol while leaking only a small additional amount of information about the input. This part relies on constructing special bipartite graphs that contain a large matching between the right partition and any large subset of left vertices.
Furthermore, we will prove two compression results for publicrandomness protocols: a roundpreserving compression scheme to be used in the boundedround case, and a general (not roundpreserving) compression scheme which can be used with a fully general RNT. Either of these protocols achieves much better parameters than those currently available for general protocols (that make use of private randomness as well as public). The roundpreserving compression scheme is essentially a constantround averagecase oneshot version of the Slepian–Wolf coding theorem [19], and is interesting in its own right.
As a result of our RNT and our roundpreserving compression scheme, we will get a new compression result for general (mixedcoin) boundedround protocols. Whereas previous results for the boundedround scenario [6] gave compression schemes with communication complexity similar to our own result, their protocols were not roundpreserving. We prove that a qround protocol that reveals I bits of information can be compressed to an O(q)round protocol that communicates \(O(I + 1)+q \log (\frac{q n}{\delta })\) bits, with additional error \(\delta \). As a consequence we will also improve the boundedround directsum theorem of [6].

Braverman et al. [7] have shown directproduct theorems for constantround randomized communication complexity, which is an improvement of our directsum results.

Braverman and Garg [3] have devised a shorter proof of a Reverse Newman’s Theorem for constantround protocols, and with tighter bounds. They show that a privatecoin singleround protocol revealing I bits of information can be made publiccoin by revealing only \(\log I\) additional bits (a better bound than our \(O(\log 2 n \ell )\) of Theorem 2).

Kozachinsky [14] has shown a general Reverse Newman’s Theorem, proving that a privatecoin protocol revealing I bits of information and using C bits of communication can be converted into a publiccoin protocol revealing \(O(\sqrt{I C})\) bits of information. Together with our and (independently) Pankratov’s compression result for general protocols (Theorem 3), this gives the bestknown directsum result for general protocols of (Braverman et al).

Bauer et al. [5] show how to compress a protocol with internal entropy \(H^{int}\) and worstcase communication C into a protocol with communication \((\frac{H^{int}}{\varepsilon })^2 \log \log C\) incurring extra error \(\varepsilon \); in the case of publiccoin protocols, \(H^{int}\) is exactly the information cost, and hence this gives an exponential improvement for the dependence on C, compared to any of our schemes.

Kozachinsky [15] has also provided a simpler proof of the oneshot Slepian–Wolf theorem, with smaller constants.

Theorem 7 (Constantround averagecase oneshot Slepian–Wolf), the proof in the conference submission was wrong.

Lemma 2 (Making protocols 1–1 without losing information), the new proof is onethird the size and much simpler.

Lemma 1 (Existence of matching graphs), we have a shorter, more elegant proof with slightly worse bounds, that are nonetheless good enough for our applications.
2 Preliminaries
2.1 Information Theory
Fact 1
Fact 2
Fact 3
Fact 4
Here \(A_1,\dots ,A_k\) stands for a random variable in the set of ktuples and \(A_i\) stands for its \(i\hbox {th}\) projection.
Fact 5
A and B are independent conditional to C (which means that whatever outcome c of C we fix, A and B become independent conditional to the event \(C=c\)) if and only if \(I(A:BC) = 0\).
Fact 6
Fact 7
From Fano’s inequality the following easily follows:
Fact 8
2.2 TwoPlayer Protocols
We will be dealing with protocols that have both public and private randomness; this is not very common, so we will give the full definitions, which are essentially those of [1, 6]. We will be working exclusively in the distributional setting. From here onwards, we will assume that the input is given to two players, Alice and Bob, by way of two random variables X, Y sampled from a possibly correlated distribution \(\mu \) over the support \(\mathcal {X}\times {\mathcal {Y}}\).
 1.
Each nonleaf node is owned by either Alice or Bob.
 2.If v is a nonleaf node belonging to Alice, then:
 (a)
The children of v are owned by Bob; each child is labeled with a binary string, and the set \({\mathcal {C}}(v)\) of labels of v’s children is prefixfree.
 (b)
Associated with v is a set \(\mathcal {R}_v\), and a function \(M_v: \mathcal {X}\times \mathcal {R}_v \rightarrow {\mathcal {C}}(v)\).
 (a)
 3.
The situation is analogous for Bob’s nodes.
 4.
With each leaf we associate an output value in \(\mathcal {Z}\).
 1.
Set v to be the root of the protocol tree.
 2.
If v is a leaf, the protocol ends and outputs the value associated with v.
 3.
If v is owned by Alice, she picks a string r uniformly at random from \(\mathcal {R}_v\) and sends the label of \(M_v(x, r)\) to Bob, they both set \(v := M_v(x, r)\), and return to the previous step. Bob proceeds analogously on the nodes he owns.
We let \(\pi (x, y, r, r_A, r_B)\) denote the messages exchanged during the execution of \(\pi \), for given inputs x, y, and random choices \(r, r_A\) and \(r_B\), and \(\textsc {Out}_\pi (x, y,r, r_A, r_B)\) be the output of \(\pi \) for said execution. The random variable R is the public randomness, \(R_A\) is Alice’s private randomness, and \(R_B\) is Bob’s private randomness; we use \(\varPi \) to denote the random variable \(\pi (X, Y, R, R_A, R_B)\). We assume without loss of generality that \(R, R_A,\) and \(R_B\) are uniformly distributed.
Definition 1
The worstcase communication complexity of a protocol \(\pi \), \(\mathsf {CC}(\pi )\), is the maximum number of bits that can be transmitted in a run of \(\pi \) on any given input and choice of random strings. The average communication complexity of a protocol \(\pi \), with respect to the input distribution \(\mu \), denoted \(\mathsf {ACC}_\mu (\pi )\), is the average number of bits that are transmitted in an execution of \(\pi \), for inputs drawn from \(\mu \). The worstcase number of rounds of \(\pi \), \(\mathsf {RC}(\pi )\), is the maximum depth reached in the protocol tree by a run of \(\pi \) on any given input. The average number of rounds of \(\pi \), w.r.t. \(\mu \), denoted \(\mathsf {ARC}_\mu (\pi )\), is the average depth reached in the protocol tree by an execution of \(\pi \) on input distribution \(\mu \).
Definition 2
The third equality holds, as Y is independent from \(R_A\) conditional to \(\varPi ,X,R\) (Fact 7). This independence follows from the rectangle property of protocols: for every fixed \(\varPi ,X,R\) the set of all pairs \(((Y,R_B),R_A)\) producing the transcript \(\varPi \) is a rectangle and thus the pair \((Y,R_B)\) (and hence Y) is independent from \(R_A\) conditional to \(\varPi ,X,R\). The fourth equality is proven similarly to the first and the second ones.
The expressions \(I(Y : \varPi ,R  X)\) and \(I(Y : \varPi  X,R)\) for the information revealed to Alice are the most convenient ones and we will use them throughout the paper. Similar transformations can be applied to the second term in Definition 2.
Definition 3
Many of our technical results require that the protocol uses a limited amount of randomness at each step. This should not be surprising—this is also a requirement of Newman’s theorem. This motivates the following definition.
Definition 4
A protocol \(\pi \) is an \(\ell \)discrete protocol ^{2} if \(\mathcal {R}_v=2^\ell \) at every node of the protocol tree.
When a protocol is \(\ell \)discrete, we say that it uses \(\ell \) bits of randomness for each message; when \(\ell \) is clear from context, we omit it. While the standard communication model allows players to use an infinite amount of randomness at each step, this is almost never an issue, since one may always “round the message probabilities” to a finite precision. This intuition is captured in the following observation.
Observation 1
Hence, while working exclusively with discretized protocols, our theorems will also hold for nondiscretized protocols, except with an additional exponentially small error term. We consider this error negligible, and hence avoid discussing it beyond this point; the reader should bear in mind, though, that when we say that we are able to simulate a discretized protocol exactly, this will imply that we can simulate any protocol with subinverseexponential \(2^{\varOmega (\ell )}\) error.
We are particularly interested in the case of oneway protocols, where Alice sends a single message to Bob. A oneway protocol \(\pi \) is given by a function \(M_\pi : \mathcal {X}\times \mathcal {R}\mapsto \mathcal {M}\); on input x Alice randomly generates r and sends \(M_\pi (x,r)\). Note that if \(\pi \) is privatecoin, then \(\mathsf {IC}_\mu (\pi ) = I(X:M(X,R_A)Y)\), and similarly, if \(\pi \) is publiccoin, then \(\mathsf {IC}_\mu (\pi ) = I(X:R, M(X,R)Y)\).
Finally, we close this section with a further restriction on protocols, which we call 1–1. Proving an RNT result for 1–1 protocols will be a useful intermediate step in the general RNT proof.
Definition 5
A oneway protocol \(\pi \) is a 1–1 protocol if \(M_\pi (x,\cdot )\) is 1–1 for all x.
3 Towards a Reverse Newman’s Theorem
Our main result is the following:
Theorem 1
(Reverse Newman’s Theorem, boundedround version) Let \(\pi \) be an arbitrary, \(\ell \)discrete, mixedcoin, qround protocol, and let \(C = \mathsf {CC}(\pi )\), \(n = \max \{\log \mathcal {X},\log \mathcal {Y}\}\). Suppose that \(\pi \)’s public randomness R is chosen from the uniform distribution over the set \(\mathcal {R}\), and \(\pi \)’s private randomness \(R_A\) and \(R_B\) is chosen from uniform distributions over the sets \(\mathcal {R}_A\) and \(\mathcal {R}_B\), respectively.
We conjecture, furthermore, that a fully general RNT holds:
Conjecture 1
In Sects. 4 and 5, we show that RNTs imply fully general compression of interactive communication, and hence the resulting directsum theorems in information complexity. This results in new compression and directsum theorems for the boundedround case. We believe that attacking Conjecture 1, perhaps with an improvement of our techniques, is a sound and new approach to proving these theorems.
As suggested by the \(O(q \log (2 n \ell ))\)term of (1), Theorem 1 will be derived from its oneway version.
3.1 RNT for OneWay Protocols
Theorem 2
Proof
We first sketch the proof. The public randomness \(R'\) used by the new protocol \(\pi '\) will be the very same randomness R used by \(\pi \). So we seem to have very little room for changing \(\pi \), but actually there is one change that we are allowed to make. Let \(M_\pi : \mathcal {X}\times \mathcal {R}\mapsto \mathcal {M}\) be the function Alice uses to generate her message. It will be helpful to think of \(M_\pi \) as a table, with rows corresponding to possible inputs x, columns corresponding to possible choices of the private random string r, and the (x, r) entry being the message \(M_\pi (x, r)\). Noticing that r is picked uniformly, Alice might instead send message \(M(x, \phi _x(r))\), where \(\phi _x\) is some permutation of \(\mathcal {R}\). In other words, she may permute each row in the table using a permutation \(\phi _x\) for the row x. The permutation \(\phi _x\) will “scramble” the formerlyprivate nowpublic randomness R into some new string \(\tilde{r} = \phi _x(r)\) about which Bob hopefully knows nothing. This “scrambling” keeps the message distribution exactly as it was, changing only which R results in which message. We will see that this can be done in such a way that, in spite of knowing r, Bob has no hope of knowing \(\tilde{r}= \phi _x(r)\), unless he already knows x to begin with.
We will show that if this is not the case, and, moreover, each row has pairwise different messages, then we can “almost” achieve the goal: one can permute each row in such a way that with probability at least \(11/n^2\) the message \(M'=M_{\pi '}(X,R)\) appears in at most \(d=(n\cdot \ell )^{O(1)}\) columns. Thus we first prove Theorem 2 for the special case of 1–1 protocols, i.e. for protocols where each row has pairwise different messages.
The proof of Theorem 2 for 1–1 protocols. We first will construct a special bipartite graph G, which we call a matching graph. Its left nodes will be all possible messages m and its right nodes will be all random strings r. Our strategy will be to find a way of permuting each row of our table so that for every row x and most columns r (in row x) the message \(M_{\pi '}(x,r)\) in the cell (x, r) of the table is connected by an edge to r in the graph G.
Definition 6
An \((m,\ell ,d,\delta )\)matching graph is a bipartite graph \(G=(\mathcal {M}\cup \mathcal {R}, \mathcal {E})\) such that \(\mathcal {M}=2^m\), \(\mathcal {R} = 2^\ell \), \(\deg (u) = d\) for each \(u \in \mathcal {M}\), and such that for all \(\mathcal {M}' \subseteq \mathcal {M}\) with \(\mathcal {M}'=2^\ell \), \(G_{\mathcal {M}'\cup \mathcal {R}}\) has a matching of size at least \(2^\ell (1\delta )\).
To see that, in this new protocol \(\pi '\), R reveals little information about X when \(M'\) is known, notice that if we know the message \(m'=M_{\pi '}(x,r)\), then in order to specify r we only need to say which edge in the graph must be followed; this is specified with \(\log n\) bits because our graph has degree n. Hence \(I(X : R  M) \le H(R  M) \le \log n\).
In truth, matching graphs with such good parameters do not exist. But we can have goodenough approximations, and we can show that this is enough for our purposes. These graphs are obtained through the Probabilistic Method.
Lemma 1
For all integer \(\ell \le m\) and positive \(\delta \) there is an \((m,\ell , d, \delta )\)matching graph with \(d=O(m/\delta )\).
In Sect. 6.1 we will show that the lemma holds also \(d = O((m\ell )/\delta ^2) + \ln (1/\delta )/\delta \) (Lemma 10). That bound has better dependence on \(m,\ell \) (especially when \(m\ell \ll m\)). However, it has worse dependence on \(\delta \). In Sect. 6.2 we show a lower bound of \(d = \varOmega ((m\ell )/\delta )\), which almost matches our upper bounds.
Proof
Hall’s theorem [11] states that if in a bipartite graph every left subset of cardinality \(i\le L\) has at least i neighbors then every left subset of cardinality \(i\le L\) has a matching in the graph.
Now the proof of Theorem 2 for 1–1 protocols proceeds as follows. Let \(n = \log {\mathcal {X}}\) and \(\ell = \log {\mathcal {R}}\). Assume without loss of generality that \({\mathcal {M}} = M({\mathcal {X}}, {\mathcal {R}})\); then \({\mathcal {M}} \le 2^{n+\ell }\). Now let G be an \((n+\ell ,\ell , d, \delta )\)matching graph having \({\mathcal {M}}\) as a subset of its left set and \({\mathcal {R}}\) as its right set, for \(\delta = \frac{1}{n^2}\). For these parameters, we are assured by Lemma 1 that such a matching graph exists having leftdegree \(d = O((n+\ell )n^2)\).
We construct the new protocol \(\pi '\) as follows. For each \(x \in {\mathcal {X}}\) let \({\mathcal {M}}_x = M(x, {\mathcal {R}})\) be the set of messages that might be sent on input x. Noticing that \({\mathcal {M}}_x = 2^\ell \), consider a partial Gmatching between \({\mathcal {M}}_x\) and \({\mathcal {R}}\) pairing all but a \(\delta \)fraction of \({\mathcal {M}}_x\); then define a bijection \(M'_x : {\mathcal {R}} \rightarrow {\mathcal {M}}_x\) by setting \(M'_x(r) = m\) if (m, r) is an edge in the matching, and pairing the unmatched m and r’s arbitrarily (possibly using edges not in G). Finally, set \(M'(x, r) = M'_x(r)\).
Since \(M'(x, r) = M'_x(r)\) for some bijection \(M'_x\) between \(\mathcal {R}\) and \({\mathcal {M}}_x\), it is clear that M and \(M'\) generate the same transcript distribution for any input x.
Let us introduce a new random variable K, which is a function of \(X,R,M'\) and takes the value 1 if \((M',R)\) is an edge of the matching graph and is equal to 0 otherwise. Recall that for every x the pair \((M'(x,R),R)\) is an edge of the matching graph with probability at least \(11/n^2\). Therefore, \(K=0\) with probability at most \(1/n^2\). Call a message m bad if the probability that \(K=0\) conditional to \(M'=m\) (that is, the fraction of rows x, among all rows containing m, such that m was not matched within the graph in the row x) is more than 1 / n. Then \(M'\) is bad with probability less than 1 / n, otherwise \(K=0\) would happen with probability greater than \(1/n^2\).
The proof of Theorem 2 in general case. The general case follows naturally from 1–1case and the following lemma, which makes a protocol 1–1 by adding a small amount of communication.
Lemma 2
Proof
3.2 RNT for ManyRound Protocols
Let us prove Theorem 1 as a consequence of Theorem 2.
Proof
4 Compression for PublicCoin Protocols
We present in this section two results of the following general form: we will take a publiccoin protocol \(\pi \) that reveals little information, and “compress” it into a protocol \(\rho \) that uses little communication to perform the same task with about the same error probability. It turns out that the results in this setting are simpler and give stronger compression than in the case where Alice and Bob have private randomness (such as in [1, 6]). We present two bounds, one that is dependent on the number of rounds of \(\pi \), but which is also roundefficient, in the sense that \(\rho \) will not use many more rounds than \(\pi \); and one that is independent of the number of rounds of \(\pi \), but where the compression is not as good when the number of rounds of \(\pi \) is small. We begin with the latter.
Theorem 3
Suppose there exists a publiccoin protocol \(\pi \) to compute \(f:\{0,1\}^n\times \{0,1\}^n\rightarrow \mathcal {Z}\) over the distribution \(\mu \) with error probability \(\delta '\), and let \(C = \mathsf {CC}(\pi )\), \(I = \mathsf {IC}_\mu (\pi )\). Then for any positive \(\delta \) there is a publiccoin protocol \(\rho \) computing f over \(\mu \) with error \(\delta ' +\delta \), and with \(\mathsf {ACC}_\mu (\rho ) = O( I\cdot \log (2Cn/\delta ))\).
Proof
Our compression scheme is similar, but not identical, to that of [1]—the absence of private randomness allows for a more elementary proof.
It suffices to prove the theorem only for deterministic protocols—the case for publiccoin protocols can be proved as follows. By fixing any outcome r of randomness R of a publiccoin protocol \(\pi \), we obtain a protocol \(\pi _r\) without public randomness and can apply Theorem 3 to \(\pi _r\). The average communication length of the resulting deterministic protocol \(\rho _r\) is at most \(O( I(\pi _r)\cdot \log (2Cn/\delta ))\). Thus the average communication of the publiccoin protocol \(\rho \) that chooses a random r and runs \(\rho _r\) will be at most \(O( I\cdot \log (2Cn/\delta ))\).
Given her input x, Alice knows the distribution of \(\varPi x\), and she can hence compute the conditional probability \(\Pr [\pi (X, Y) = t  X = x]\) for each leaf t of the protocol tree. We will use the notation \(w_a(tx)\) for this conditional probability. Likewise Bob computes \(w_b(ty) = \Pr [\pi (X, Y) = t  Y = y]\). Now it must hold that \(\pi (x, y)\) is the unique leaf such that both \(w_a(tx),w_b(ty)\) are positive. Alice and Bob then proceed in stages to find that leaf: at a given stage they have agreed that a certain partial transcript, which is a node in the protocol tree of \(\pi \), is a prefix of \(\pi (x, y)\). Then each of them chooses a candidate transcript, which is a leaf extending their partial transcript (the candidate transcripts of Alice and Bob may be different). Then they find the largest common prefix (lcp) of their two candidate transcripts, i.e., find the first bit at which their candidate transcripts disagree. Now, because one of the players actually knows what that bit should be (that bit depends either on x or on y), the player who got it wrong can change her/his bit to its correct value, and this will give the new partial transcripts they agree upon. They proceed this way until they both know \(\pi (x, y)\).
It will be seen that the candidate leaf can be chosen in such a way that the total probability mass under the nodes they have agreed upon halves at every correction, and this will be enough to show that Alice will only need to correct her candidate transcript \(H(\varPi X)\) times (and Bob \(H(\varPi Y)\) times) on average. Efficient protocols for finding the lcp of two strings will then give us the required bounds.
We first construct an interactive protocol that makes use of a special device, which we call lcp box. This is a conceptual interactive device with the following behavior: Alice takes a string u and puts it in the lcp box, Bob takes a string v and puts it in the lcp box, then a button is pressed, and Alice and Bob both learn the largest common prefix of u and v. Using an lcp box will allow us to ignore error events until the very end of the proof, avoiding an annoying technicality that offers no additional insight.
Lemma 3
For any given probability distribution \(\mu \) over input pairs and for every deterministic protocol \(\pi \) with information cost I (w.r.t. \(\mu \)) and worst case communication C there is a deterministic protocol \(\tilde{\rho }\) with zero communication computing the same function with the same error probability (w.r.t. \(\mu \)) as \(\pi \), and using lcp box for Cbitstrings at most I times on average (w.r.t. \(\mu \)).
Proof
On inputs x and y, in the new protocol \(\tilde{\rho }\) Alice and Bob compute weights \(w_a(tx),w_b(ty)\) of every leaf of the protocol tree of \(\pi \), as explained above. Furthermore, for every binary string s let \(w_a(sx)\) denote the sum of weights \(w_a(tx)\) over all leaves t under s. Define \(w_b(sy)\) in a similar way.
The protocol \(\tilde{\rho }\) runs in stages: before each stage i Alice and Bob have agreed on a binary string \(s=s_{i1}\), which is a prefix of \(\pi (x,y)\). Initially \(s=s_0\) is empty.
On stage i Alice defines the candidate transcript \(t_a\) as follows: she appends 0 to \(s=s_{i1}\) if \(w_a(s0x)>w_a(s1x)\) and she appends 1 to s otherwise. Let \(s'\) denote the resulting string. Again, she appends 0 to \(s'\) if \(w_a(s'0x)>w_a(s'1x)\) and she appends 1 to \(s'\) otherwise. She proceeds in this way until she gets a leaf of the tree (by construction its weight is positive). Bob defines his candidate transcript \(t_b\) in a similar way. Then they put \(t_a\) and \(t_b\) in the lcp box and they learn the largest common prefix \(s^{*}\) of \(t_a\) and \(t_b\). By construction both \(w_a(s^{*}x)\) and \(w_b(s^{*}y)\) are positive and hence \(s^{*}\) is a prefix of \(\pi (x,y)\).^{6} Recall that no leaf of the protocol tree is a prefix of another leaf. Therefore either \(s^{*}=t_a=t_b\), in which case they stop the protocol, as they both know \(\pi (x,y)\). Or \(s^{*}\) is a proper prefix of both \(t_a\) and \(t_b\). If the node \(s^{*}\) of the protocol tree belongs to Alice, then Bob’s next bit is incorrect, and otherwise Alice’s next bit is incorrect. They both add the correct bit to \(s^{*}\) and let \(s_i\) be the resulting string.
Now we have to transform the protocol of Lemma 3 to a randomized publiccoin protocol computing f that does not use an lcp box, with additional error \(\delta \). The use of an lcp box can be simulated with an errorprone implementation:
Lemma 4
([10]) For every positive \(\varepsilon \) and every natural C there is a randomized publiccoin protocol such that on input two Cbit strings x, y, it outputs the largest common prefix of x, y with probability at least \(1  \varepsilon \); its worstcase communication complexity is \(O(\log (C/\varepsilon ))\).
The lemma is proven by hashing (as in the randomized protocol for equality) and binary search. From this lemma we obtain the following corollary.
Lemma 5
For every positive \(\delta \) any protocol \(\tilde{\rho }\) to compute \(f:\{0,1\}^n\times \{0,1\}^n\rightarrow \mathcal {Z}\) that uses an lcp box \(\ell \le 2n\) times on average for strings of length at most C can be simulated with error \(\delta \) by a protocol \(\rho \) that does not use an lcp box, and communicates \(O(\ell \log (\frac{2Cn}{\delta }))\) bits more on average.^{7}
Proof
The protocol \(\rho \) simulates \(\tilde{\rho }\) by replacing each use of the lcp box with the protocol given by Lemma 4 with some error parameter \(\varepsilon \) (to be specified later). The simulation continues while the total communication is less than n. Once it becomes n, we stop the simulation and both players exchange their inputs.
Notice that the additional error probability introduced by the failure of the protocol of Lemma 4 is at most \(\varepsilon \ell \): for each input pair (x, y) the error probability is at most \(\varepsilon i(x,y)\), where i(x, y) stands for the number of times we invoke lcp box for that particular pair, and the average of \(\varepsilon i(x,y)\) over (x, y) equals \(\varepsilon \ell \). Thus if we take \(\varepsilon \le \delta /\ell \), the error probability introduced by failures of the lcp box is at most \(\delta \).
Let \(\varepsilon =\delta /2n\) (which is less than \(\delta /\ell \), as we assume that \(\ell \le 2n\)) so that the average communication is at most \(O(\ell \log (\frac{2Cn}{\delta })+\ell \delta )=O(\ell \log (\frac{2Cn}{\delta }))\).
We are now able to finish the proof of Theorem 3. Notice that the information cost of the initial protocol is at most 2n. Hence we can apply Lemma 5 for \(\ell =I\) to the protocol of Lemma 3. The average communication of the resulting protocol \(\rho \) is at most \(O( I\cdot \log (2Cn/\delta ))\). \(\square \)
The proof of Theorem 3 offers no guarantee on the number of rounds of the compressed protocol \(\rho \). It is possible to compress a publiccoin protocol on a roundbyround basis while preserving, up to a multiplicative constant, the total number of rounds used.
Theorem 4
Suppose there exists a publiccoin protocol \(\pi \) to compute \(f:\{0,1\}^n\times \{0,1\}^n\rightarrow \mathcal {Z}\) over input distribution \(\mu \) with error probability \(\delta '\), and let \(I = \mathsf {IC}_\mu (\pi )\) and \(q = \mathsf {RC}(\pi ).\) Then for every positive \(\delta \) there exists a publiccoin protocol \(\rho \) that computes f over \(\mu \) with error \(\delta ' + \delta \), and with \(\mathsf {ACC}_\mu (\rho ) = O(I + 1)+q\log (nq/\delta )\) and \(\mathsf {ARC}_\mu (\rho ) = O(q)\).
Proof
The procedure to compress each round is achieved through an interactive variant of the Slepian–Wolf theorem [4, 18, 19]. We could not apply the known theorems directly, however, since they were made to work in different settings.
In a similar fashion to the proof of Theorem 3, we will make use of a special interactive device, which we call a transmission \(\mu \) box, where \(\mu \) is a probability distribution over input pairs (X, Y). Its behavior is as follows: one player takes a string x and puts it in the transmission box, the other player takes a string y and puts it in the box, a button is pressed, and then the second player knows x. The usage of a transmission \(\mu \)box is charged in such a way that the average cost when the input pair (X, Y) is drawn at random with respect to \(\mu \) is \(O(H(XY) +1)\) bits of communication and O(1) rounds.
Lemma 6
 1.
The average communication of \(\tilde{\rho }\) is \(\mathsf {ACC}_\mu (\tilde{\rho }) = O(\mathsf {IC}_\mu (\pi ) + q)\);
 2.
The average number of rounds of \(\tilde{\rho }\) is \(\mathsf {ARC}_\mu (\tilde{\rho }) = O(q)\);
 3.
\(\tilde{\rho }\) uses a transmission box q times; and
 4.
After \(\tilde{\rho }\) is run on the inputs x, y, both players know \(\pi (x, y)\).
Proof
Let \(\pi _{<j}(x, y)\) denote the sequence of messages sent by \(\pi \) in the first \(j1\) rounds for inputs x, y. The protocol \(\tilde{\rho }\) simulates \(\pi \) on a roundperround basis.
To proceed we need a protocol simulating the transmission box.
Lemma 7
 1.
For all fixed x, y, after execution of the protocol Bob learns x with probability at least \(1\varepsilon \).
 2.When (X, Y) are drawn according to \(\mu \), the protocol communicatesbits in O(1) rounds on average.$$\begin{aligned} O(H(XY)+ 1)+\log (1/\varepsilon ) \end{aligned}$$
Contrast this to the classical Slepian–Wolf theorem, where Alice and Bob are given a stream of i.i.d. pairs \((X_1, Y_1), \ldots , (X_n, Y_n)\), and Alice gets to transmit \(X_1, \ldots , X_n\) by using only oneway communication, and with an amortized communication of H(XY).
Proof
Because at least one new \(x_i\) is added at every step, this inductive procedure gives Bob a finite number of sets \(\mathcal {Z}_1, \ldots , \mathcal {Z}_K=X\). Then the protocol consists of applying the protocol of the following lemma, which will be proved later.
Lemma 8
For every natural m and every positive \(\varepsilon \) there exists a randomized publiccoin protocol with the following behavior. Suppose that Bob is given a family of finite sets \(\mathcal {Z}_1 \subseteq \cdots \subseteq \mathcal {Z}_K\subset \{0,1\}^m\) and Alice is given a string \(z\in \mathcal {Z}_K\). Then the protocol transmits z to Bob, except with a failure probability of at most \(\varepsilon \). For k the smallest index for which \(z\in \mathcal {Z}_k\), the run of this protocol uses at most \(2k+1\) rounds and \(2 \log \mathcal {Z}_k+\log \frac{1}{\varepsilon } + 4k\) bits of communication.
 (i)\(p(\mathcal {X}_k) \le 2 p(\mathcal {X}_{k+1}) + 2 p(x_{i(k)})\), which can be seen by summing two inequalities that follow from the minimality of i(k) in the definition of \(\mathcal {X}_k\):after which we get$$\begin{aligned} p(\mathcal {X}_k)  p(x_{i(k)}) \le \frac{1  p(\mathcal {Z}_{k1})}{2}, \qquad \frac{1  p(\mathcal {Z}_k)}{2} \le p(\mathcal {X}_{k+1}), \end{aligned}$$$$\begin{aligned} \frac{p(\mathcal {X}_k)}{2}  p(x_{i(k)}) \le p(\mathcal {X}_{k+1}). \end{aligned}$$
 (ii)
\(\mathcal {Z}_k \le \frac{1}{p(x)}\) for any \(x \in \mathcal {X}_{k+1} \cup \{ x_{i(k)} \}\), which follows since every \(x' \in \mathcal {Z}_k\) has a higherorequal probability than the x’s in \(\mathcal {X}_{k+1} \cup \{ x_{i(k)} \}\), but the sum of all the \(p(x')\) still adds up to less than 1.
Proof of Lemma 8
The protocol is divided into stages and works as follows. On the first stage, Bob begins by sending the number \(\ell _1 = \log \mathcal {Z}_1\) in unary to Alice, and Alice responds by picking \(L_1 = \ell _1 + \log \frac{1}{\varepsilon } + 1\) random linear functions \(f_1^{(1)}, \ldots , f_{L_1}^{(1)}: {\mathbb {Z}}_2^m\rightarrow {\mathbb {Z}}_2\) using public randomness, and sending Bob the hash values \(f_1^{(1)}(z), \ldots , f_{L_1}^{(1)}(z)\). Bob then looks for a string \(z' \in \mathcal {Z}_1\) that has the same hash values he just received; if there is such a string, then Bob says so, and the protocol is finished with Bob assuming that \(z' = z\).
Otherwise, the protocol continues. At stage k, Bob computes the number \(\ell _k = \log \mathcal {Z}_k\), and sends the number \(\ell _k  \ell _{k1}\) in unary to Alice; Alice responds by picking \(L_k = \ell _k  \ell _{k1} + 1\) random linear functions \(f_{1}^{(k)}, \ldots , f_{L_k}^{(k)}\), whose evaluation on z she sends over to Bob. Bob then looks for a string \(z' \in \mathcal {Z}_k\) that has the same hash values for all the hash functions which were picked in this and previous stages; if there is such a string, then Bob says so, and the protocol is finished with Bob assuming that \(z' = z\). If the protocol has not halted in K rounds, Alice just sends her input to Bob.
An error will occur whenever a \(z' \not = z\) is found that has the same fingerprint as z. The probability that this happens at stage k for a specific \(z' \in \mathcal {Z}_k\) is \(2^{L}\), where \(L = \ell _k + k + \log \frac{1}{\varepsilon }\) is the total number of hash functions picked up to this stage. By a union bound, the probability that such a \(z'\) exists is at most \(\mathcal {Z}_k 2^{\ell _k} \frac{\varepsilon }{2^k} \le \frac{\varepsilon }{2^k}\). Again by a union bound, summing over all stages k we get a total error probability of \(\varepsilon \).
To bound the communication for \(z \in \mathcal {Z}_k\), notice that sending all \(\ell _1.\dots ,\ell _k\) costs Bob at most \(\log \mathcal {Z}_k+k\) bits of total communication,^{8} that the total number of hash values sent by Alice is at most \(\log \mathcal {Z}_k + 2k + \log \frac{1}{\varepsilon }\), and that Bob’s reply (saying whether the protocol should continue) costs him k bits. \(\square \)
From Lemma 7 we get an analogue of Lemma 5.
Lemma 9
For every positive \(\delta \le 1/3\) any protocol \(\tilde{\rho }\) to compute \(f:\{0,1\}^n\times \{0,1\}^n\rightarrow \mathcal {Z}\) that uses transmission boxes q times can be simulated with error \(\delta \) by a protocol \(\rho \) that does not use transmission boxes, and communicates \(q\log (\frac{qn}{\delta })+1\) bits more.
Proof
The protocol \(\rho \) simulates \(\tilde{\rho }\) by replacing each use of a transmission box with the protocol given by Lemma 7 with some error parameter \(\varepsilon \) (to be specified later). The simulation continues while the total communication is less than n. Once it becomes n, we stop the simulation and the players exchange their inputs.
The additional error probability introduced by the failure of the protocol of Lemma 7 is at most \(q\varepsilon \). Assuming that \(\varepsilon \le \delta /q\), the error probability introduced by a transmission box failure is at most \(\delta \).
The desired protocol that establishes Theorem 4 is obtained by applying Lemma 9 to the protocol of Lemma 6.\(\square \)
5 Applications
From the combination of Theorems 1 and 4, and Observation 1, we can obtain a new compression result for general protocols.
Corollary 1
As we will see in the following subsection, this will result in a new directsum theorem for boundedround protocols. In general, given that we have already proven Theorem 3, and given that this approach shows promise in the boundedround case, it becomes worthwhile to investigate whether we can prove Conjecture 1 with similar techniques.
5.1 DirectSum Theorems for the BoundedRound Case
The following theorem was proven in [1]:
Theorem 5
([1], Theorem 12) Suppose that there is a qround protocol \(\pi ^k\) that computes k copies of f with communication complexity C and error \(\varepsilon \), over the kfold distribution \(\mu ^k\). Then there exists a qround mixedcoin protocol \(\pi \) that computes a single copy of f with communication complexity C and the same error probability \(\varepsilon \), but with information cost \(\mathsf {IC}_\mu (\pi ) \le \frac{2 C}{k}\) for any input distribution \(\mu \).
As a consequence of this theorem, and of Corollary 1, we will be able to prove a directsum theorem. The proof is a simple application of Theorem 5, and Corollary 1.
Theorem 6
5.2 Comparison with Previous Results
We may compare Corollary 1 with the results of [6]. In that paper, the n C factor is missing inside the \(\log \) of equation (3), but the number of rounds of the compressed protocol is \(O(q \log I)\) instead of O(q). A similar difference appears in the resulting directsum theorems.
We remark that the compression of Jain et al. [12] is also achieved with a roundbyround proof. Our directsum theorem is incomparable with their more ambitious directproduct result. It is no surprise, then, that the communication complexity of their compression scheme is \(O(\frac{q I}{\delta })\), i.e., it incurs a factor of q, whereas we pay only an additive term of \(\tilde{O}(q)\). However, their directproduct result also preserves the number of rounds in the protocol, whereas in our result the number of rounds is only preserved within a constant factor.
6 Alternative Constructions and Matching Lower Bounds
6.1 A Different Upper Bound on the Degree of Matching Graphs
Lemma 10
For all integer \(\ell \le m\) and positive \(\delta \) there is an \((m,\ell , d, \delta )\)matching graph with \(d = (2+(m\ell )\ln 2)/\delta ^2 + \ln (1/\delta )/\delta \).
Proof
We show the existence of such a graph using a probabilistic argument. Let A and B be any sets of \(M=2^m\) left and \(L=2^\ell \) right nodes, respectively. Construct a random graph G by choosing d random neighbors independently for each \(u\in A\). Different neighbors of the same node u are also chosen independently, thus they might coincide. For any \(A'\subseteq A\) of size L, let \(E_{A'}\) be the event that \(G_{A'\cup B}\) does not have a matching of size \(L(1\delta )\), and let Open image in new window . Note that the lemma holds if Open image in new window .
Claim
\(\Pr [Y<(1\delta )L]\le \Pr [Z<(1\delta )L]\).
Proof
6.2 A Lower Bound on the Degree of Matching Graphs
Lemma 11
Proof
We will prove that in such a bipartite graph there must exist a leftset A of size \(2^m (1  4 \delta )^d\) whose neighbors are contained in a rightset B of size \((12\delta )2^\ell \). If the graph is a matching graph with said parameters, it must then follow that \(A \le 2^\ell \), hence \(d \ge (m\ell ) / \log (1  4 \delta ) = \varOmega ((m  \ell )/\delta )\).
It must then hold that for such random B, the expected number of leftnodes that map into B is \(2^m(14\delta )\). Hence, for some choice of B, there will exist a leftset A of the same size whose neighbors are all in B. \(\square \)
6.3 A Lower Bound for Eq. (2) of the Proof of Lemma 2
Lemma 12
Proof
Claim
\(N (\ln N)^2(2 \alpha  \alpha ^2  1) \rightarrow  \frac{1}{N}\) as \(N \rightarrow \infty \).
Footnotes
 1.
We discuss the differences in more detail in Sect. 5.
 2.
In a discrete protocol, we restrict only the amount of private randomness in this definition. It is perhaps natural to also restrict the public randomness, but we will not need to.
 3.
For each left vertex, we pick each of the d neighbors independently and uniformly from the rightset.
 4.
On any input x and any choice of randomness r, \(M_{\pi '}(x,r)\) is obtained by taking \(M_\pi (x,r)\) and adding some additional communication J(x, r).
 5.
In Sect. 6.3 we will prove a corresponding lower bound, implying that this upperbound is tight up to a constant term.
 6.
This follows because \(\pi \) is a protocol. Indeed, if \(s^*\) were not a prefix of \(\pi (x, y)\), that would mean some bit in \(s^*\) is the wrong bit send by one of the players. If it is a wrong bit for Alice, then \(w_a(s^*x) = 0\), and similarly for Bob.
 7.
The averages are measured over the input distribution and the internal randomness of the protocol.
 8.
We have added 1 bit per message because, sending \(\ell _i\) ones to Alice, Bob should append them by a zero—recall that the messages must form a prefix free set.
 9.
This is because the harmonic numbers \(H_n = \sum _{i=1}^n 1/i\) converge to \(\log N + \gamma \) for the Euler–Mascheroni constant \(\gamma \approx 0.577\).
Notes
Acknowledgments
The authors thank Pavel Pudlák for fruitful discussions. Part of the research for this paper was made at Schloss Dagstuhl during the workshop “Algebraic and Combinatorial Methods in Computational Complexity.” Joshua Brody is supported in part by Danish Council for Independent Research Grant LOBO 438146. The author also acknowledges support from the Danish National Research Foundation and The National Science Foundation of China (under the Grant 61061130540) for the SinoDanish Center for the Theory of Interactive Computation, within which part of this work was performed. Michal Koucký is supported in part by Grant IAA100190902 of GA AV ČR, and the Center of Excellence CEITI (P202/12/G061 of GA ČR). Bruno Loff is supported by Grant SFRH/BD/43169/2008, given by FCT, Portugal. The research leading to these results has received funding from the European Research Council under the European Union’s Seventh Framework Programme (FP/20072013)/ERC Grant Agreement No. 616787. Florian Speelman is supported by the NWO DIAMANT project. Both Harry Buhrman and Florian Speelman are also supported by the EU project SIQS. Part of the work was done while the Nikolay Vereshchagin was visiting CWI. The work was in part supported by the RFBR Grant 120100864 and the ANR Grant Project ANR08EMER008.
References
 1.Barak, B., Braverman, M., Chen, X., Rao, A.: How to compress interactive communication. In: Proceedings of the 42nd STOC, pp. 67–76 (2010)Google Scholar
 2.Brody, J., Buhrman, H., Koucký, M., Loff, B., Speelman, F., Vereshchagin, N.: Towards a reverse Newman’s theorem in interactive information complexity. In: Proceedings of the 28th CCC, pp. 24–33 (2013)Google Scholar
 3.Braverman, M., Garg, A.: Public vs private coin in boundedround information. In: Proceedings of the 41st ICALP, pp. 502–513 (2014)Google Scholar
 4.Buhrman, H., Koucký, M., Vereshchagin, N.: Randomized individual communication complexity. In: Proceedings of the 23rd CCC, pp. 321–331 (2008)Google Scholar
 5.Bauer, B., Moran, S., Yehudayoff, A.: Internal compression of protocols to entropy. In: Proceedings of the 19th RANDOM, pp. 481–496 (2015)Google Scholar
 6.Braverman, M., Rao, A.: Information equals amortized communication. In: Proceedings of the 52nd STOC, pp. 748–757 (2011)Google Scholar
 7.Braverman, M., Rao, A., Weinstein, O., Yehudayoff, A.: Direct product via roundpreserving compression.In: Proceedings of the 40th ICALP, pp. 232–243 (2013)Google Scholar
 8.BarYossef, Z., Jayram, T.S., Kumar, R., Sivakumar, D.: An information statistics approach to data stream and communication complexity. J. Comput. Syst. Sci. 68(4), 702–732 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
 9.Chakrabarti, A., Shi, Y., Wirth, A., Yao, A.C.C.: Informational complexity and the direct sum problem for simultaneous message passing. In: Proceedings of the 42nd FOCS (2001)Google Scholar
 10.Feige, U., Peleg, D., Raghavan, P.: Computing with noisy information. SIAM J. Comput. 23(5), 1001–1018 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
 11.Hall, P.: On representatives of subsets. J. Lond. Math. Soc. 1(10), 25–30 (1935)zbMATHGoogle Scholar
 12.Jain, R., Pereszlenyi, A., Yao, P.: A direct product theorem for boundedround publiccoin randomized communication complexity. In: Proceedings of the 53rd FOCS (2012)Google Scholar
 13.Jain, R., Radhakrishnan, J., Sen, P.: A direct sum theorem in communication complexity via message compression. In: Proceedings of the 30th ICALP (2003)Google Scholar
 14.Kozachinsky, A.: On the role of private coins in unboundedround information complexity. Technical Report TR14062, ECCC (2014)Google Scholar
 15.Kozachinsky, A.: On Slepian–Wolf theorem with interaction. Unpublished, Private correspondence (2015)Google Scholar
 16.Newman, I.: Private vs. common random bits in communication complexity. Inf. Process. Lett. 39(2), 67–71 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
 17.Pankratov, D.: Direct sum questions in classical communication complexity. Master’s thesis, University of Chicago (2012)Google Scholar
 18.Renner, R., Wolf, S.: Simple and tight bounds for information reconciliation and privacy amplification. In: Advances in Cryptology—ASIACRYPT 2005, volume 3788 of LNCS, pp. 199–216 (2005)Google Scholar
 19.Slepian, D., Wolf, J.K.: Noiseless coding of correlated information sources. IEEE Trans. Inf. Theory 19, 471–480 (1973)MathSciNetCrossRefzbMATHGoogle Scholar
Copyright information
Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.