TY - GEN
T1 - Exponential Correlated Randomness Is Necessary in Communication-Optimal Perfectly Secure Two-Party Computation
AU - Hiwatashi, Keitaro
AU - Nuida, Koji
N1 - Publisher Copyright:
© Keitaro Hiwatashi and Koji Nuida; licensed under Creative Commons License CC-BY 4.0 4th Conference on Information-Theoretic Cryptography (ITC 2023)
PY - 2023/7
Y1 - 2023/7
N2 - Secure two-party computation is a cryptographic technique that enables two parties to compute a function jointly while keeping each input secret. It is known that most functions cannot be realized by information-theoretically secure two-party computation, but any function can be realized in the correlated randomness (CR) model, where a trusted dealer distributes input-independent CR to the parties beforehand. In the CR model, three kinds of complexities are mainly considered; the size of CR, the number of rounds, and the communication complexity. Ishai et al. (TCC 2013) showed that any function can be securely computed with optimal online communication cost, i.e., the number of rounds is one round and the communication complexity is the same as the input length, at the price of exponentially large CR. In this paper, we prove that exponentially large CR is necessary to achieve perfect security and online optimality for a general function and that the protocol by Ishai et al. is asymptotically optimal in terms of the size of CR. Furthermore, we also prove that exponentially large CR is still necessary even when we allow multiple rounds while keeping the optimality of communication complexity.
AB - Secure two-party computation is a cryptographic technique that enables two parties to compute a function jointly while keeping each input secret. It is known that most functions cannot be realized by information-theoretically secure two-party computation, but any function can be realized in the correlated randomness (CR) model, where a trusted dealer distributes input-independent CR to the parties beforehand. In the CR model, three kinds of complexities are mainly considered; the size of CR, the number of rounds, and the communication complexity. Ishai et al. (TCC 2013) showed that any function can be securely computed with optimal online communication cost, i.e., the number of rounds is one round and the communication complexity is the same as the input length, at the price of exponentially large CR. In this paper, we prove that exponentially large CR is necessary to achieve perfect security and online optimality for a general function and that the protocol by Ishai et al. is asymptotically optimal in terms of the size of CR. Furthermore, we also prove that exponentially large CR is still necessary even when we allow multiple rounds while keeping the optimality of communication complexity.
UR - http://www.scopus.com/inward/record.url?scp=85169029007&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85169029007&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ITC.2023.18
DO - 10.4230/LIPIcs.ITC.2023.18
M3 - Conference contribution
AN - SCOPUS:85169029007
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 4th Conference on Information-Theoretic Cryptography, ITC 2023
A2 - Chung, Kai-Min
PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
T2 - 4th Conference on Information-Theoretic Cryptography, ITC 2023
Y2 - 6 June 2023 through 8 June 2023
ER -