On privacy and partition arguments

  • Authors:
  • Benny Chor

  • Affiliations:
  • Technion-Israel Institute of Technology, Haifa, Israel

  • Venue:
  • Information and Computation
  • Year:
  • 2001

Quantified Score

Hi-index 0.00

Visualization

Abstract

A function and f (x1, x2,..., xn) is said to be t-private if there exists a (randomized) communication protocol for computing f, such that no coalition of at most t participants can infer any additional information from the execution of the protocol other than what follows from their inputs and the value of f. It is known that every n-argument function f defined over finite domains can be computed (n-1/2)-privately. The classes of 1-private two-argument functions and of t-private Boolean functions admit relatively simple characterizations. In contrast, the general question of characterizing the class of t-private functions of n arguments is still open. The only technique that appears in the literature for proving non-t-privacy of a function f (x1, x2,..., xn) over a finite domain, where n greater than or equal to 3 and [n/2] less than or equal to t less than or equal to n-1, uses a reduction to the two-party case via a partition argument. A necessary condition for f being t-private is that for every partition (S; Sw/repeating bar) of the parties {1, 2,...,n} such that both |S| ≤ to t and |S| w/repeating bar t, the two-argument function obtained by viewing f as a function of {xi}ieSrepeating and {xi}ieS is 1-private. The question whether the use of such partition reductions together with the two-party characterization is powerful enough to characterize privacy in the multiparty case was raised as an open problem in previous works. These works also exhibit an affirmative answer for specific classes of functions. We answer this question negatively. We show that even if more general partition reductions are used, in which the n parties are partitioned into k sets (2 less than or = to k less or=to n-1) rather than just two, those reductions are still too weak to characterize privacy. On the other hand, we show that increasing the number of sets k does give some extra characterization power. Copyright 2001 Academic Press.