Abstract
In the conditional disclosure of secrets (CDS) problem (Gertner et al. in J Comput Syst Sci, 2000) Alice and Bob, who hold n-bit inputs x and y respectively, wish to release a common secret z to Carol, who knows both x and y, if and only if the input (x, y) satisfies some predefined predicate f. Alice and Bob are allowed to send a single message to Carol which may depend on their inputs and some shared randomness, and the goal is to minimize the communication complexity while providing information-theoretic security. Despite the growing interest in this model, very few lower-bounds are known. In this paper, we relate the CDS complexity of a predicate f to its communication complexity under various communication games. For several basic predicates our results yield tight, or almost tight, lower-bounds of \(\Omega (n)\) or \(\Omega (n^{1-\epsilon })\), providing an exponential improvement over previous logarithmic lower-bounds. We also define new communication complexity classes that correspond to different variants of the CDS model and study the relations between them and their complements. Notably, we show that allowing for imperfect correctness can significantly reduce communication—a seemingly new phenomenon in the context of information-theoretic cryptography. Finally, our results show that proving explicit super-logarithmic lower-bounds for imperfect CDS protocols is a necessary step towards proving explicit lower-bounds against the communication complexity class \(\text {AM}^{\text {cc}}\), or even \(\text {AM}^{\text {cc}}\cap \text {co-AM}^{\text {cc}}\)—a well known open problem in the theory of communication complexity. Thus imperfect CDS forms a new minimal class which is placed just beyond the boundaries of the “civilized” part of the communication complexity world for which explicit lower-bounds are known.
Highlights
Understanding the communication complexity of information-theoretically secure protocols is a fundamental research problem
In this paper we will focus on what seems to be the simplest task in this model: Conditional Disclosure of Secrets (CDS) [20]
The protocol has a minimal communication complexity of 2 and randomness complexity of O(n). (The latter can be reduced to O(log n) by using an almost pair-wise independent hash function and settling for a constant privacy error.) This yields a strong separation between the complexity of a predicate and its complement with respect to perfectly-correct perfectly-private CDS protocols
Summary
Understanding the communication complexity of information-theoretically secure protocols is a fundamental research problem. [3] showed that this bound is essentially tight: There are (partial) functions whose randomized communication complexity is exponentially larger than their CDS complexity. They proved a linear n-bit lower-bound for a random (non-explicit) n-bit predicate f : {0, 1}n × {0, 1}n → {0, 1}. Our results provide simple, yet effective, ways to leverage privacy to construct communication protocols They lead to new lower-bounds for perfect and imperfect CDS protocols, and allow us to establish new results regarding the relations between different variants of the CDS model
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
