The Communication Complexity of Private Simultaneous Messages, Revisited

  • Benny Applebaum
  • Thomas Holenstein
  • Manoj Mishra
  • Ofer Shayevitz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10821)

Abstract

Private Simultaneous Message (PSM) protocols were introduced by Feige, Kilian and Naor (FKN, STOC ’94) as a minimal non-interactive model for information-theoretic three-party secure computation. While it is known that every function \(f:\{0,1\}^k\times \{0,1\}^k \rightarrow \{0,1\}\) admits a PSM protocol with exponential communication of \(2^{k/2}\) (Beimel et al., TCC ’14), the best known (non-explicit) lower-bound is \(3k-O(1)\) bits. To prove this lower-bound, FKN identified a set of simple requirements, showed that any function that satisfies these requirements is subject to the \(3k-O(1)\) lower-bound, and proved that a random function is likely to satisfy the requirements.

We revisit the FKN lower-bound and prove the following results:

(Counterexample) We construct a function that satisfies the FKN requirements but has a PSM protocol with communication of \(2k+O(1)\) bits, revealing a gap in the FKN proof.

(PSM lower-bounds) We show that, by imposing additional requirements, the FKN argument can be fixed, leading to a \(3k-O(\log k)\) lower-bound for a random function. We also get a similar lower-bound for a function that can be computed by a polynomial-size circuit (or even by a polynomial-time Turing machine under standard complexity-theoretic assumptions). This yields the first non-trivial lower-bound for an explicit Boolean function, partially resolving an open problem of Data, Prabhakaran and Prabhakaran (Crypto ’14, IEEE Information Theory ’16). We further extend these results to the setting of imperfect PSM protocols, which may have small correctness or privacy error.

(CDS lower-bounds) We show that the original FKN argument applies (as is) to a weak form of PSM protocols that is strongly related to the setting of Conditional Disclosure of Secrets (CDS). This connection yields a simple combinatorial criterion for establishing linear \(\Omega(k)\)-bit CDS lower-bounds. As a corollary, we settle the complexity of the Inner Product predicate, resolving an open problem of Gay, Kerenidis, and Wee (Crypto ’15).
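As an added illustration of the model whose communication the paper bounds (this is not code from the paper): in a PSM protocol Alice and Bob hold \(x\) and \(y\) and a shared random string, each sends a single message to a referee Carol, and Carol must learn \(f(x,y)\) and nothing else. The Python below implements the naive truth-table PSM protocol, which costs \(2^k+k+1\) bits (not the \(2^{k/2}\) protocol of Beimel et al.), and for \(k=2\) exhaustively checks perfect correctness and perfect privacy by confirming that Carol's view distribution depends only on \(f(x,y)\). All function names are my own.

```python
from collections import Counter
from itertools import product

def truth_table_psm(f, k):
    """Naive PSM for f: {0,1}^k x {0,1}^k -> {0,1} (hypothetical helper names).
    Shared randomness: a one-time pad r in {0,1}^n and a cyclic shift s in [n], n = 2^k."""
    n = 1 << k
    def alice(x, rand):                 # sends k + 1 bits
        r, s = rand
        a = (x + s) % n                 # shifted index of Alice's input
        return (a, r[a])                # index plus the pad bit Carol will need
    def bob(y, rand):                   # sends 2^k bits
        r, s = rand
        # Bob's truth-table column, cyclically shifted by s and masked by r
        return tuple(f((i - s) % n, y) ^ r[i] for i in range(n))
    def carol(msg_a, msg_b):            # referee: unmask the one relevant entry
        a, pad = msg_a
        return msg_b[a] ^ pad
    return alice, bob, carol

def all_randomness(k):
    n = 1 << k
    for r in product((0, 1), repeat=n):
        for s in range(n):
            yield (r, s)

def view_distribution(f, k, x, y):
    """Exact distribution of Carol's view (m_A, m_B) on (x, y); asserts correctness too."""
    alice, bob, carol = truth_table_psm(f, k)
    views = Counter()
    for rand in all_randomness(k):
        ma, mb = alice(x, rand), bob(y, rand)
        assert carol(ma, mb) == f(x, y)  # correctness on every random string
        views[(ma, mb)] += 1
    return views

def check_perfect_privacy(f, k):
    """Perfect privacy: inputs with equal f-value must give identical view distributions."""
    n = 1 << k
    reference = {}
    for x, y in product(range(n), repeat=2):
        dist = view_distribution(f, k, x, y)
        if reference.setdefault(f(x, y), dist) != dist:
            return False
    return True

def communication_bits(k):
    return (k + 1) + (1 << k)           # Alice: k+1 bits, Bob: 2^k bits
```

For \(k=2\) the referee's view for any input pair is uniform over the \(2^{k}\cdot 2^{2^k}\) messages consistent with \(f(x,y)\), which is why the check passes for every Boolean \(f\), including Inner Product.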

References

  1. Aiello, B., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_8
  2. Applebaum, B.: Garbled circuits as randomized encodings of functions: a primer. In: Tutorials on the Foundations of Cryptography. ISC, pp. 1–44. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57048-8_1
  3. Applebaum, B., Arkis, B.: Conditional disclosure of secrets and \(d\)-uniform secret sharing with constant information rate. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 24, p. 189 (2017)
  4. Applebaum, B., Arkis, B., Raykov, P., Vasudevan, P.N.: Conditional disclosure of secrets: amplification, closure, amortization, lower-bounds, and separations. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 727–757. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_24
  5. Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC\(^0\). In: FOCS, pp. 166–175 (2004)
  6. Applebaum, B., Raykov, P.: From private simultaneous messages to zero-information Arthur-Merlin protocols and back. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 65–82. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_3
  7. Barak, B., Ong, S.J., Vadhan, S.P.: Derandomization in cryptography. SIAM J. Comput. 37(2), 380–400 (2007)
  8. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: STOC, pp. 503–513 (1990)
  9. Beimel, A., Ishai, Y., Kumaresan, R., Kushilevitz, E.: On the cryptographic complexity of the worst functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 317–342. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_14
  10. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: STOC, pp. 1–10 (1988)
  11. Brickell, E.F., Davenport, D.M.: On the classification of ideal secret sharing schemes. J. Cryptol. 4(2), 123–134 (1991)
  12. Capocelli, R.M., De Santis, A., Gargano, L., Vaccaro, U.: On the size of shares for secret sharing schemes. J. Cryptol. 6(3), 157–167 (1993)
  13. Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: STOC, pp. 11–19 (1988)
  14. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)
  15. Data, D., Prabhakaran, V.M., Prabhakaran, M.M.: Communication and randomness lower bounds for secure computation. IEEE Trans. Inf. Theory 62(7), 3901–3929 (2016)
  16. Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation (extended abstract). In: STOC, pp. 554–563 (1994)
  17. Gay, R., Kerenidis, I., Wee, H.: Communication complexity of conditional disclosure of secrets and attribute-based encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 485–502. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_24
  18. Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. J. Comput. Syst. Sci. 60(3), 592–629 (2000)
  19. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)
  20. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, VA, USA, 30 October–3 November 2006, vol. 1, pp. 89–98. ACM (2006)
  21. Gutfreund, D., Shaltiel, R., Ta-Shma, A.: Uniform hardness versus randomness tradeoffs for Arthur-Merlin games. Comput. Complex. 12(3–4), 85–130 (2003)
  22. Ishai, Y.: Randomization techniques for secure computation. In: Prabhakaran, M., Sahai, A. (eds.) Secure Multi-Party Computation. Cryptology and Information Security Series, vol. 10, pp. 222–248. IOS Press (2013)
  23. Ishai, Y., Kushilevitz, E.: Private simultaneous messages protocols with applications. In: ISTCS (Israel Symposium on Theory of Computing and Systems), pp. 174–184 (1997)
  24. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: FOCS, pp. 294–304 (2000)
  25. Ishai, Y., Wee, H.: Partial garbling schemes and their applications. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 650–662. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43948-7_54
  26. Kushilevitz, E., Nisan, N.: Communication Complexity. Cambridge University Press, Cambridge (1997)
  27. Liu, T., Vaikuntanathan, V., Wee, H.: Conditional disclosure of secrets via non-linear reconstruction. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 758–790. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_25
  28. Miltersen, P.B., Vinodchandran, N.V.: Derandomizing Arthur-Merlin games using hitting sets. In: FOCS, pp. 71–80 (1999)
  29. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
  30. Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28, 656–715 (1949)
  31. Sun, H.-M., Shieh, S.-P.: Secret sharing in graph-based prohibited structures. In: Proceedings IEEE INFOCOM 1997, The Conference on Computer Communications, Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies, Driving the Information Revolution, Kobe, Japan, 7–12 April 1997, pp. 718–724. IEEE (1997)
  32. Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_4
  33. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: FOCS, pp. 160–164 (1982)

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Benny Applebaum (1)
  • Thomas Holenstein (2)
  • Manoj Mishra (1)
  • Ofer Shayevitz (1)
  1. Tel Aviv University, Tel Aviv, Israel
  2. Google, Zurich, Switzerland