How to Securely Compute the Modulo-Two Sum of Binary Sources

TL;DR

This paper investigates the communication and randomness requirements for secure computation of the XOR of binary sources in an average-case setting, demonstrating that asymptotic correctness allows for lower resource use than zero-error, perfect privacy scenarios.

Contribution

It introduces an asymptotic analysis of secure XOR computation, showing reduced resource requirements compared to worst-case scenarios, and establishes optimality of these rates.

Findings

Asymptotic correctness reduces communication to the binary entropy of p.

Perfect privacy can be maintained with lower rates under asymptotic error.

No rates smaller than the binary entropy of p are achievable even asymptotically.

Abstract

In secure multiparty computation, mutually distrusting users in a network want to collaborate to compute functions of data which is distributed among the users. The users should not learn any additional information about the data of others than what they may infer from their own data and the functions they are computing. Previous works have mostly considered the worst case context (i.e., without assuming any distribution for the data); Lee and Abbe (2014) is a notable exception. Here, we study the average case (i.e., we work with a distribution on the data) where correctness and privacy is only desired asymptotically. For concreteness and simplicity, we consider a secure version of the function computation problem of K\"orner and Marton (1979) where two users observe a doubly symmetric binary source with parameter p and the third user wants to compute the XOR. We show that the amount of communication and randomness resources required depends on the level of correctness desired. When zero-error and perfect privacy are required, the results of Data et al. (2014) show that it can be achieved if and only if a total rate of 1 bit is communicated between every pair of users and private randomness at the rate of 1 is used up. In contrast, we show here that, if we only want the probability of error to vanish asymptotically in block length, it can be achieved by a lower rate (binary entropy of p) for all the links and for private randomness; this also guarantees perfect privacy. We also show that no smaller rates are possible even if privacy is only required asymptotically.