# On the number of random bits in totally private computation

## Abstract

We consider the classic problem of *n* honest but curious players with private inputs *x*_{1},*...,x*_{ n } who wish to compute the value of a fixed function *f(x*_{1},*...,x*_{ n }) in such way that at the end of the protocol every player knows the value *f(x*_{1},..., *x*_{ n }). Each pair of players is connected by a secure point-to-point communication channel. The players have unbounded computational resources and they intend to compute *f* in a totally private way. That is, after the execution of the protocol no coalition of *arbitrary* size can get any information about the inputs of the remaining players other than what can be deduced by their own inputs and the value of *f*.

We study the amount of randomness needed in totally private protocols. Our main result is a lower bound on the number of random bits needed to compute a function with sensitivity *n*. As a corollary we obtain that when the private inputs are uniformly distributed and the players have access to a source of uniformly distributed bits, at least *k n*−1)(*n*−2)/2 random bits are needed to compute the sum modulo 2^{ k } of *n k*-bit integers. This result is tight as there are protocols for this problem that use *exactly* this number of random bits.

## Keywords

Boolean Function Shannon Entropy Random Input Random Source Private Input## Preview

Unable to display preview. Download preview PDF.

## References

- 1.M. Ben-Or, S. Goldwasser, and A. Wigderson,
*Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation*, STOC 1988, pp. 1–10.Google Scholar - 2.C. Blundo, A. De Santis, and U. Vaccaro,
*Randomness in Distribution Protocols*, ICALP 1994, Vol.**820**of LNCS, 1994, pp. 568–579.Google Scholar - 3.R. Canetti and O. Goldreich,
*Bounds on Tradeoffs Between Randomness and Communication Complexity*, Computational Complexity**3**, pp. 141–167, 1993.Google Scholar - 4.S. Chari, P. Rohatgi, and A. Srinivasan,
*Randomness-Optimal Unique Element Isolation, with Application to Perfect Matching and Related Problems*, STOC 1993, pp. 458–467.Google Scholar - 5.D. Chaum, C. Crépeau, and I. Damgård,
*Multiparty Unconditionally Secure Protocols*, STOC 1988, pp. 11–19.Google Scholar - 6.B. Chor, M. Gereb-Graus, and E. Kushilevitz,
*On The Structure of the Privacy Hierarchy*, J. of Cryptology**7**, 1994, pp. 53–60.Google Scholar - 7.B. Chor and E. Kushilevitz,
*A Zero-One Law for Boolean Privacy*, SIAM J. Discrete Math.,**4**, 1991, pp. 36–47.Google Scholar - 8.B. Chor and E. Kushilevitz,
*A Communication-Privacy Tradeoff for Modular Addition*, Information Processing Letters, Vol. 45, 1993, pp. 205–210.Google Scholar - 9.B. Chor and N. Shani,
*The Privacy of Dense Symmetric Functions*, to appear in Computational Complexity.Google Scholar - 10.T. M. Cover and J. A. Thomas,
*Elements of Information Theory*, John Wiley & Sons, 1991.Google Scholar - 11.R. Fleischer, H. Jung, and K. Melhorn,
*A Time-Randomness Tradeoff for Communication Complexity*, 4th International Workshop on Distributed Algorithms, Vol.**486**of LNCS, 1991, pp. 390–401.Google Scholar - 12.R. Impagliazzo and D. Zuckerman,
*How to Recycle Random Bits*, FOCS 1989 pp. 248–255.Google Scholar - 13.D.E. Knuth and A.C. Yao,
*The Complexity of Nonuniform Random Number Generation*, in “Algorithms and Complexity”, Academic Press, 1976, pp. 357–428.Google Scholar - 14.D. Krizanc, D. Peleg, and E. Upfal,
*A Time-Randomness Tradeoff for Oblivious Routing*, STOC 1988, pp. 93–102.Google Scholar - 15.E. Kushilevitz,
*Privacy and Communication Complexity*, SIAM J. Discrete Math.,**5**, pp. 273–284.Google Scholar - 16.E. Kushilevitz, S. Micali, and R. Ostrowsky,
*Universal Boolean Judges and their Characterization*, FOCS 1994, pp. 478–489.Google Scholar - 17.E. Kushilevitz and Y. Mansour,
*Small Sample Spaces and Privacy*, manuscript.Google Scholar - 18.E. Kushilevitz and A. Rosen,
*A Randomness-Rounds Tradeoff in Private Computation*, CRYPTO 94, Vol.**839**of LNCS, 1994, pp. 397–410.Google Scholar - 19.P. Raghavan and M. Snir,
*Memory Versus Randomization in On-line Algorithms*, ICALP 1989, LNCS, 1989, pp. 687–703.Google Scholar - 20.D. Zuckerman,
*Simulating BPP Using a General Weak Random Source*, FOCS 1991, pp. 79–89.Google Scholar