Computational two-party correlation: a dichotomy for key-agreement protocols

From MaRDI portal

Publication:5138779

Jump to:navigation, search

DOI10.1137/19M1236837MaRDI QIDQ5138779zbMATH OpenFDO

Authors Iftach Haitner, Kobbi Nissim, Eran Omri, Ronen Shaltiel, Jad Silbak

Publication date 4 December 2020

Published in SIAM Journal on Computing (Search for Journal in Brave)

Full work available at URL https://arxiv.org/abs/2105.00765

zbMATH Keywords

cryptography differential privacy key-agreement

Mathematics Subject Classification ID

Cryptography (94A60) Privacy of data (68P27) Communication complexity, information complexity (68Q11)

Abstract: Let

p i

be an efficient two-party protocol that given security parameter

k a p p a

, both parties output single bits

X_{k} a p p a

and

Y_{k} a p p a

, respectively. We are interested in how

(X_{k} a p p a, Y_{k} a p p a)

"appears" to an efficient adversary that only views the transcript

T_{k} a p p a

. We make the following contributions:

We develop new tools to argue about this loose notion and show (modulo some caveats) that for every such protocol

p i

, there exists an efficient simulator such that the following holds: on input

T_{k} a p p a

, the simulator outputs a pair

(X'_{k} a p p a, Y'_{k} a p p a)

such that

(X'_{k} a p p a, Y'_{k} a p p a, T_{k} a p p a)

is (somewhat) computationally indistinguishable from

(X_{k} a p p a, Y_{k} a p p a, T_{k} a p p a)

.

We use these tools to prove the following dichotomy theorem: every such protocol

p i

is: - either uncorrelated -- it is (somewhat) indistinguishable from an efficient protocol whose parties interact to produce

T_{k} a p p a

, but then choose their outputs independently from some product distribution (that is determined in poly-time from

T_{k} a p p a

), - or, the protocol implies a key-agreement protocol (for infinitely many

k a p p a

's). Uncorrelated protocols are uninteresting from a cryptographic viewpoint, as the correlation between outputs is (computationally) trivial. Our dichotomy shows that every protocol is either completely uninteresting or implies key-agreement.

We use the above dichotomy to make progress on open problems on minimal cryptographic assumptions required for differentially private mechanisms for the XOR function.

A subsequent work of Haitner et al. uses the above dichotomy to makes progress on a longstanding open question regarding the complexity of fair two-party coin-flipping protocols.

Recommendations

Cites work

Cited in

(9)

This page was built for publication: Computational two-party correlation: a dichotomy for key-agreement protocols

Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q5138779)

Retrieved from "https://portal.mardi4nfdi.de/w/index.php?title=Publication:5138779&oldid=19681389"