TY - GEN
T1 - Channels of Small Log-Ratio Leakage and Characterization of Two-Party Differentially Private Computation
AU - Haitner, Iftach
AU - Mazor, Noam
AU - Shaltiel, Ronen
AU - Silbak, Jad
N1 - Publisher Copyright:
© 2019, International Association for Cryptologic Research.
PY - 2019
Y1 - 2019
N2 - Consider a ppt two-party protocol Π = (A, B) in which the parties get no private inputs and obtain outputs OA,OA ∈ {0, 1}, and let VA and VA denote the parties’ individual views. Protocol (formula presented) has (formula presented)-agreement if (formula presented). The leakage of (formula presented) is the amount of information a party obtains about the event (formula presented); that is, the leakage (formula presented) is the maximum, over (formula presented), of the distance between (formula presented). Typically, this distance is measured in statistical distance, or, in the computational setting, in computational indistinguishability. For this choice, Wullschleger [TCC ’09] showed that if (formula presented) then the protocol can be transformed into an OT protocol. We consider measuring the protocol leakage by the log-ratio distance (which was popularized by its use in the differential privacy framework). The log-ratio distance between X, Y over domain (formula presented) is the minimal (formula presented) for which, for every (formula presented). In the computational setting, we use computational indistinguishability from having log-ratio distance (formula presented). We show that a protocol with (noticeable) accuracy (formula presented) can be transformed into an OT protocol (note that this allows (formula presented). We complete the picture, in this respect, showing that a protocol with (formula presented) does not necessarily imply OT. Our results hold for both the information theoretic and the computational settings, and can be viewed as a “fine grained” approach to “weak OT amplification”. We then use the above result to fully characterize the complexity of differentially private two-party computation for the XOR function, answering the open question put by Goyal, Khurana, Mironov, Pandey, and Sahai, [ICALP ’16] and Haitner, Nissim, Omri, Shaltiel, and Silbak [22] [FOCS ’18]. Specifically, we show that for any (noticeable) (formula presented), a two-party protocol that computes the XOR function with (formula presented)-accuracy and (formula presented)-differential privacy can be transformed into an OT protocol. This improves upon Goyal et al. that only handle (formula presented), and upon Haitner et al. who showed that such a protocol implies (infinitely-often) key agreement (and not OT). Our characterization is tight since OT does not follow from protocols in which (formula presented), and extends to functions (over many bits) that “contain” an “embedded copy” of the XOR function.
AB - Consider a ppt two-party protocol Π = (A, B) in which the parties get no private inputs and obtain outputs OA,OA ∈ {0, 1}, and let VA and VA denote the parties’ individual views. Protocol (formula presented) has (formula presented)-agreement if (formula presented). The leakage of (formula presented) is the amount of information a party obtains about the event (formula presented); that is, the leakage (formula presented) is the maximum, over (formula presented), of the distance between (formula presented). Typically, this distance is measured in statistical distance, or, in the computational setting, in computational indistinguishability. For this choice, Wullschleger [TCC ’09] showed that if (formula presented) then the protocol can be transformed into an OT protocol. We consider measuring the protocol leakage by the log-ratio distance (which was popularized by its use in the differential privacy framework). The log-ratio distance between X, Y over domain (formula presented) is the minimal (formula presented) for which, for every (formula presented). In the computational setting, we use computational indistinguishability from having log-ratio distance (formula presented). We show that a protocol with (noticeable) accuracy (formula presented) can be transformed into an OT protocol (note that this allows (formula presented). We complete the picture, in this respect, showing that a protocol with (formula presented) does not necessarily imply OT. Our results hold for both the information theoretic and the computational settings, and can be viewed as a “fine grained” approach to “weak OT amplification”. We then use the above result to fully characterize the complexity of differentially private two-party computation for the XOR function, answering the open question put by Goyal, Khurana, Mironov, Pandey, and Sahai, [ICALP ’16] and Haitner, Nissim, Omri, Shaltiel, and Silbak [22] [FOCS ’18]. Specifically, we show that for any (noticeable) (formula presented), a two-party protocol that computes the XOR function with (formula presented)-accuracy and (formula presented)-differential privacy can be transformed into an OT protocol. This improves upon Goyal et al. that only handle (formula presented), and upon Haitner et al. who showed that such a protocol implies (infinitely-often) key agreement (and not OT). Our characterization is tight since OT does not follow from protocols in which (formula presented), and extends to functions (over many bits) that “contain” an “embedded copy” of the XOR function.
KW - Differential privacy
KW - Hardness amplification
KW - Oblivious transfer
UR - http://www.scopus.com/inward/record.url?scp=85076985612&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-36030-6_21
DO - 10.1007/978-3-030-36030-6_21
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85076985612
SN - 9783030360290
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 531
EP - 560
BT - Theory of Cryptography - 17th International Conference, TCC 2019, Proceedings
A2 - Hofheinz, Dennis
A2 - Rosen, Alon
PB - Springer
T2 - 17th International Conference on Theory of Cryptography, TCC 2019
Y2 - 1 December 2019 through 5 December 2019
ER -