B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....it is assigned) the above results can be used to obtain communication efficient, perfectly private two round protocols for modular addition relative to general adversary structures. For the case of threshold structures, this can be compared with the (communication optimal) private protocol of [10], which is only slightly more communication efficient but requires many rounds of interaction. 3.3 Optimal Construction for Linear Correlations We now move to the general case of linear correlations, where the joint output distribution D forms a uniformly random vector in some linear space over ....

B. Chor and E. Kushilevitz. A communication-privacy tradeoff for modular addition. Information Processing Letters, 45(4):205--210, March 1993.

....of Bielefeld University, Germany. of the protocol no coalition of arbitrary size can get any information about the inputs of the remaining players other than what can be deduced by their own inputs and the value of f . Private computation in this model has been the subject of several papers [1, 7, 8, 15, 18, 5, 6, 16]. Chor and Kushilevitz [7] characterized the boolean functions that can be computed in a totally private way. More precisely, they proved a boolean function f(x 1 ; Delta Delta Delta ; xn ) is totally private if and only if it can be represented as the XOR of n one argument boolean functions. ....

....the private inputs are uniformly distributed and the players have access to a source of uniformly distributed bits, at least k(n Gamma 1) n Gamma 2) 2 random bits are needed to compute the sum modulo 2 of n k bit integers. Our lower bound is tight as Chor and Kushilevitz have presented in [8] a protocol for computing the sum modulo 2 of n k bit integers that uses exactly k(n Gamma 1) n Gamma 2) 2 random bits. To prove our lower bound we make no assumption on the general structure of the protocol; for example, our lower bound holds also for non oblivious protocols. Oblivious ....

[Article contains additional citation context not shown here]

B. Chor and E. Kushilevitz, A Communication-Privacy Tradeoff for Modular Addition, Information Processing Letters, Vol. 45, 1993, pp. 205--210.

....it is assigned) the above results can be used to obtain communication efficient, perfectlyprivate two round protocols for modular addition relative to general adversary structures. For the case of threshold structures, this can be compared with the (communication optimal) private protocol of [10], which is only slightly more communication efficient but requires many rounds of interaction. 3.3 Optimal Construction for Linear Correlations We now move to the general case of linear correlations, where the joint output distribution D forms a uniformly random vector in some linear space over ....

B. Chor and E. Kushilevitz. A communication-privacy tradeoff for modular addition. Information Processing Letters, 45(4):205--210, March 1993.

....of Bielefeld University, Germany. of the protocol no coalition of arbitrary size can get any information about the inputs of the remaining players other than what can be deduced by their own inputs and the value of f . Private computation in this model has been the subject of several papers [1, 7, 8, 15, 18, 5, 6, 16]. Chor and Kushilevitz [7] characterized the boolean functions that can be computed in a totally private way. More precisely, they proved a boolean function f(x 1 ; Delta Delta Delta ; xn ) is totally private if and only if it can be represented as the XOR of n one argument boolean functions. ....

....the private inputs are uniformly distributed and the players have access to a source of uniformly distributed bits, at least k(n Gamma 1) n Gamma 2) 2 random bits are needed to compute the sum modulo 2 k of n k bit integers. Our lower bound is tight as Chor and Kushilevitz have presented in [8] a protocol for computing the sum modulo 2 k of n k bit integers that uses exactly k(n Gamma 1) n Gamma 2) 2 random bits. To prove our lower bound we make no assumption on the general structure of the protocol; for example, our lower bound holds also for non oblivious protocols. Oblivious ....

[Article contains additional citation context not shown here]

B. Chor and E. Kushilevitz, A Communication-Privacy Tradeoff for Modular Addition, Information Processing Letters, Vol. 45, 1993, pp. 205--210.

....way. That is, after the execution of the protocol no coalition of size at most t can get any information about the inputs of the remaining players other than what can be deduced from their own inputs and the value of F . Private computation in this model has been the subject of several papers [1, 6, 7, 8, 9, 16, 17, 20]. If t = n Gamma 1, then t private computation is referred to as totally private computation. Chor and Kushilevitz [8] characterized the boolean functions that can be computed in a totally private way. More precisely, they proved that a boolean function F(x 1 ; Delta Delta Delta ; x n ) is ....

....n. As a corollary, we obtain that when the private inputs are uniformly distributed at least k(n Gamma 1) n Gamma 2) 2 random bits are needed to compute the sum modulo 2 k of n k bit integers in an (n Gamma 2) private way. This lower bound is tight as Chor and Kushilevitz have presented in [9] a protocol for computing the sum modulo 2 k of n k bit integers that uses exactly k(n Gamma 1) n Gamma 2) 2 random bits. The importance of the computation of modular sum when total privacy is required lies in the result of Chor and Kushilevitz [8] that tells us that, in the boolean case, the ....

[Article contains additional citation context not shown here]

B. Chor and E. Kushilevitz, A Communication-Privacy Tradeoff for Modular Addition, Information Processing Letters, Vol. 45, 1993, pp. 205--210.

No context found.

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

No context found.

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

No context found.

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

No context found.

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

.... with the use of randomized protocols (see [17] Various techniques to minimize the amount of randomness needed were extensively studied in computer science (e.g. 36, 52, 10, 47, 54, 18, 32, 4, 46, 1, 50, 35, 37, 40, 33, 34] and tradeoffs between randomness and other resources were found (e.g. [14, 48, 38, 15, 21, 9, 8, 44, 7, 42, 40]) Security vs. Randomness. It is not hard to show that some randomness is essential to maintain security (if all parties are deterministic then the adversary can infer information on the parties inputs from their messages) We are interested in the amount of randomness required for carrying out ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

.... in a way that no single player learns about the initial inputs of other players more than what is revealed by the value of f( x) and its own input 1 (no matter what its computational resources are) Private computations in this setting were the subject of a considerable amount of work, e.g. [5, 13, 2, 3, 15, 16, 17, 18, 21, 33, 37] 2 . In this paper, we consider An early version of this paper appeared in the Proc. of the 17th PODC conference, 1998, pp. 81 90. y Dept. of Computer Science, Technion, Haifa, Israel. e mail: eyalk cs.technion.ac.il; Part of this research was done while visiting ICSI Berkeley. Supported by ....

.... 34, 35, 22] In particular, in [7, 35, 31] the amount of randomness required for private computations of xor (the exclusive or function) was considered (this function was the subject of previous research in the area of privacy due to its being a basic linear operation and its relative simplicity [21, 16]) In this paper too we concentrate on the xor function. We chose this function since its singleinstance case is relatively well understood, and thus it enables us to derive direct sum results. Indeed, the randomness complexity of private computations of the xor function on a single instance ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

....all follow the prescribed protocol P but they could try to get additional information from the messages they receive during the execution of the protocol. The study of private computations in this setting was initiated by [BGW88, CCD88] and was the subject of a considerable amount of work, e.g. [BB89, CK89, K89, B89, FY92, CK92, CGK90, CGK92, KMO94]. The use of randomness is a crucial ingredient in private protocols; without randomness only degenerate functions can be computed privately. The xor (exclusive or) function (and more generally, modular sum function) is a basic building block in all private protocols. As a result (and due to its ....

....functions can be computed privately. The xor (exclusive or) function (and more generally, modular sum function) is a basic building block in all private protocols. As a result (and due to its relative simplicity) the task of computing xor t privately was the subject of previous research [FY92, CK92, KR94, BDPV94]. We investigate the amount of randomness required to compute the exclusive or of n input bits t privately. The known upper bound uses O(tn) random bits. Better upper bounds were known only for the case t = 1 (see [KR94] in which a single random bit is sufficient. As for lower bounds, Blundo ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition ", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

.... [CD89] Various techniques to minimize the amount of randomness needed were extensively studied in computer science (e.g. AGHP90, BGG90, BM82, CG85, IZ89, KK94, KM93, KM94a, KM94b, KM96, KY76, N90, NN90, S92, Y82a, Z91] and tradeoffs between randomness and other resources were found (e.g. [BDPV95, BGS94, BSV94, CG90, CK93, CRS93, KM96, KOR96, KPU88, KR94, RS89]) Security vs. Randomness. It is not hard to show that, except for degenerate cases, some randomness is essential to maintain security (if all parties are deterministic then the adversary can infer information on the parties inputs from their messages) We are interested in the amount of ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

....secret input, x i , to compute the value of f( x) in a way that no single player learns about the initial inputs of other players more than what is revealed by the value of f( x) and its own input 1 . Private computations in this setting were the subject of a considerable amount of work, e.g. [5, 13, 2, 3, 15, 16, 17, 18, 21, 31, 35]. In this paper, we consider this setting for the basic xor function, and show quite unexpected results relating the rounds complexity and the randomness complexity of such computations. An early version of this paper appeared in the Proc. of the 17th PODC conference, 1998, pp. 81 90. y Dept. ....

.... 32, 33, 22] In particular, in [7, 33, 30] the amount of randomness required for private computations of xor (the exclusive or function) was considered (this function was the subject of previous research in the area of privacy due to its being a basic linear operation and its relative simplicity [21, 16]) In this paper we also concentrate on the xor function. Previously, the following was known for privately computing xor on a single instance (that is, where each player has a single input bit) ffl there is no deterministic solution for the problem; ffl with a single random bit the problem ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

....supported by research contracts ONR N0001491 J 1981 and NSF CCR 90 07677. z Dept. of Computer Science, Tel Aviv University, Tel Aviv, Israel. e mail: adiro math.tau.ac.il 1 In the literature a more general definition of t privacy is given. The above definition is the case t = 1. work, e.g. [BGW88, CCD88, BB89, CK89, K89, B89, FY92, CK92, CGK90, CGK92, KMO94]. One crucial ingredient in private protocols is the use of randomness. Quantifying the amount of randomness needed for computing functions privately is the subject of the present work. Randomness as a resource was extensively studied in the last decade. Methods for saving random bits range over ....

....private computations. We mainly concentrate on the specific task of computing the xor of n input bits. However, most of our results extend to any boolean function. The task of computing xor was the subject of previous research due to its being a basic linear operation and its relative simplicity [FY92, CK92]. It is known as a folklore theorem (and is not difficult to show) that private computation of xor cannot be carried out deterministically (for n 3) On the other hand, with a single random bit such a computation becomes possible: At the first round player P n chooses a random bit r and sends ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

.... with the use of randomized protocols (see [16] Various techniques to minimize the amount of randomness needed were extensively studied in computer science (e.g. 35, 50, 10, 45, 52, 17, 31, 4, 44, 1, 48, 34, 36, 39, 32, 33] and tradeoffs between randomness and other resources were found (e.g. [13, 46, 37, 14, 20, 9, 8, 42, 7, 41, 39]) Security vs. Randomness. Clearly, some randomness is essential to maintain security (if all parties are deterministic then the adversary can infer information on the parties inputs from their messages) We are interested in the amount of randomness required for carrying out a t resilient ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

....all follow the prescribed protocol P but they could try to get additional information from the messages they receive during the execution of the protocol. The study of private computations in this setting was initiated by [BGW88, CCD88] and was the subject of a considerable amount of work, e.g. [BB89, CK89, K89, B89, FY92, CK92, CGK90, CGK92, KMO94, KOR96]. 1 The use of randomness is a crucial ingredient in private protocols; without randomness only degenerate functions can be computed privately. Protocols for the xor (exclusive or) function (and more generally, protocols for the modular sum function) are basic building blocks in most ....

....for the xor (exclusive or) function (and more generally, protocols for the modular sum function) are basic building blocks in most private protocols currently known. As a result (and due to its relative simplicity) the task of computing xor t privately was the subject of previous research [FY92, CK92, KR94, BDPV95]. We investigate the amount of randomness required to compute the exclusive or of n input bits t privately. The known upper bound uses O(tn) random bits. 2 Better upper bounds were known only for the case t = 1 (see [KR94] in which a single random bit is sufficient. As for lower bounds, ....

B. Chor, and E. Kushilevitz, "A Communication-Privacy Tradeoff for Modular Addition ", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

....all follow the prescribed protocol P but they could try to get additional information from the messages they receive during the execution of the protocol. The study of private computations in this setting was initiated by [BGW88, CCD88] and was the subject of a considerable amount of work, e.g. [BB89, CK89, K89, B89, FY92, CK92, CGK90, CGK92, KMO94, KOR96]. 1 The use of randomness is a crucial ingredient in private protocols; without randomness only degenerate functions can be computed privately. 1 This setting is different than the one studied in [Y86, GMW87] in which the computational power of the players is restricted and hence ....

....intractability assumptions can be used. The xor (exclusive or) function (and more generally, modular sum function) is a basic building block in all private protocols. As a result (and due to its relative simplicity) the task of computing xor t privately was the subject of previous research [FY92, CK92, KR94, BDPV95]. We investigate the amount of randomness required to compute the exclusive or of n input bits t privately. The known upper bound uses O(tn) random bits. Better upper bounds were known only for the case t = 1 (see [KR94] in which a single random bit is sufficient. As for lower bounds, Blundo et. ....

B. Chor, and E. Kushilevitz, "A CommunicationPrivacy Tradeoff for Modular Addition", Information Processing Letters, Vol. 45, 1993, pp. 205--210.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC