Lower and Upper Bounds on the Randomness Complexity of Private Computations of AND

Abstract: We consider multi-party information-theoretic private protocols, and specifically their randomness complexity. The randomness complexity of private protocols is of interest both because random bits are considered a scarce resource, and because of the relation between that complexity measure and other complexity measures of boolean functions such as the circuit size or the sensitivity of the function being computed [17,12]. More concretely, we consider the randomness complexity of the basic boolean function and… Show more

“…We give a new protocol to 1-privately compute the n-player AND function, which uses a single random source and 6 random bits tossed by that source. This improves, upon the currently best known results [18], at the same time the number of sources and the number of random bits ([18] gives a 2-source, 8-bits protocol). This result gives maybe some evidence that for 1-privacy, using the minimum necessary number of sources one can also achieve the necessary minimum number of random bits.…”

“…Here, we again achieve a somewhat surprising result: we improve over the result of [17] in the two aspects at the time, i.e., we reduce both the number of sources and the number of random bits. Using a completely different protocol, we show that 6 bits tossed by a single source are sufficient to 1-privately compute the n-party AND functionality, for any n ≥ 3.…”

“…Then, in the course of getting a better understanding of the relation between randomness complexity and random sources, we turn our attention to a simple, yet very basic, concrete functionality: the n-party AND (it is very common in the literature on randomness complexity of secure computation to study the case of simple functionalities such as XOR [21,16,19,10] or AND [17], as they are basic functions). Here, the state of the art is the recent work of [17], that showed that 8 bits are sufficient to 1-privately compute the n-party AND functionality (the paper also shows that more than 1 bit is necessary). The upper bound of [17] uses two sources, and our question is whether we can match this upper bound using a single source or whether a private protocol with a single source will require more random bits.…”

“…Here, the state of the art is the recent work of [17], that showed that 8 bits are sufficient to 1-privately compute the n-party AND functionality (the paper also shows that more than 1 bit is necessary). The upper bound of [17] uses two sources, and our question is whether we can match this upper bound using a single source or whether a private protocol with a single source will require more random bits.…”

“…In the context of information theoretic secure computation, a problem of fundamental interest is to understand how much randomness is required to securely compute a function. The design of randomness-efficient private protocols, and the quantification of the amount of randomness necessary to perform private computations of various functions and under various constraints has received considerable attention in the literature, see, e.g., [21,16,19,5,14,9,26,17].…”

Random Sources in Private Computation

“…We give a new protocol to 1-privately compute the n-player AND function, which uses a single random source and 6 random bits tossed by that source. This improves, upon the currently best known results [18], at the same time the number of sources and the number of random bits ([18] gives a 2-source, 8-bits protocol). This result gives maybe some evidence that for 1-privacy, using the minimum necessary number of sources one can also achieve the necessary minimum number of random bits.…”

“…Here, we again achieve a somewhat surprising result: we improve over the result of [17] in the two aspects at the time, i.e., we reduce both the number of sources and the number of random bits. Using a completely different protocol, we show that 6 bits tossed by a single source are sufficient to 1-privately compute the n-party AND functionality, for any n ≥ 3.…”

“…Then, in the course of getting a better understanding of the relation between randomness complexity and random sources, we turn our attention to a simple, yet very basic, concrete functionality: the n-party AND (it is very common in the literature on randomness complexity of secure computation to study the case of simple functionalities such as XOR [21,16,19,10] or AND [17], as they are basic functions). Here, the state of the art is the recent work of [17], that showed that 8 bits are sufficient to 1-privately compute the n-party AND functionality (the paper also shows that more than 1 bit is necessary). The upper bound of [17] uses two sources, and our question is whether we can match this upper bound using a single source or whether a private protocol with a single source will require more random bits.…”

“…Here, the state of the art is the recent work of [17], that showed that 8 bits are sufficient to 1-privately compute the n-party AND functionality (the paper also shows that more than 1 bit is necessary). The upper bound of [17] uses two sources, and our question is whether we can match this upper bound using a single source or whether a private protocol with a single source will require more random bits.…”

“…In the context of information theoretic secure computation, a problem of fundamental interest is to understand how much randomness is required to securely compute a function. The design of randomness-efficient private protocols, and the quantification of the amount of randomness necessary to perform private computations of various functions and under various constraints has received considerable attention in the literature, see, e.g., [21,16,19,5,14,9,26,17].…”

Random Sources in Private Computation

Tight Bounds on the Randomness Complexity of Secure Multiparty Computation

Randomness Requirements for Three-Secret Sharing