Abstract.
We consider the problem of n honest but curious players with private inputs \( x_1,\ldots,x_n, \) who wish to compute the value of a fixed function \( {\cal F}(x_1,\ldots,x_n) \) in such way that at the end of the protocol every player knows the value \( {\cal F}(x_1,\ldots,x_n) \). Each pair of players is connected by a secure point-to-point communication channel. The players have unbounded computational resources and they intend to compute \( {\cal F} \) in a t-private way. That is, after the execution of the protocol, no coalition of size at most \( t \le n - 1 \) can get any information about the inputs of the remaining players other than what can be deduced from their own inputs and the value of \( \cal F \).¶ We study the amount of randomness needed in t-private protocols. We prove a lower bound on the randomness complexity of any t-private protocol to compute a function with sensitivity n. As a corollary, we obtain that when the private inputs are uniformly distributed, at least k(n—1)(n—2)/2 random bits are needed to compute the sum modulo 2k of n k-bit integers in an (n—2)-private way. This result is tight as there are protocols for this problem that use exactly this number of random bits.
Similar content being viewed by others
Author information
Authors and Affiliations
Additional information
Received: February 4, 1997.
Rights and permissions
About this article
Cite this article
Blundo, C., De Santis, A., Persiano, G. et al. Randomness complexity of private computation. comput. complex. 8, 145–168 (1999). https://doi.org/10.1007/s000370050025
Issue Date:
DOI: https://doi.org/10.1007/s000370050025