{"id":368534,"date":"2017-03-02T12:52:36","date_gmt":"2017-03-02T20:52:36","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-research-item&#038;p=368534"},"modified":"2018-10-16T21:38:29","modified_gmt":"2018-10-17T04:38:29","slug":"cryptographic-complexity-worst-functions","status":"publish","type":"msr-research-item","link":"https:\/\/www.microsoft.com\/en-us\/research\/publication\/cryptographic-complexity-worst-functions\/","title":{"rendered":"On the Cryptographic Complexity of the Worst Functions"},"content":{"rendered":"<p class=\"Para\">We study the complexity of realizing the \u201cworst\u201d functions in several standard models of information-theoretic cryptography. In particular, for the case of security against passive adversaries, we obtain the following main results.<\/p>\n<div class=\"Para\">\n<div class=\"UnorderedList\">\n<ul class=\"UnorderedListMarkBullet\">\n<li>\n<p class=\"Para\"><strong class=\"EmphasisTypeBold \">OT complexity of secure two-party computation.<\/strong> Every function <em class=\"EmphasisTypeItalic \">f<\/em>:[<em class=\"EmphasisTypeItalic \">N<\/em>]\u00d7[<em class=\"EmphasisTypeItalic \">N<\/em>]\u2009\u2192\u2009{0,1} can be securely evaluated using <span id=\"IEq1\" class=\"InlineEquation\"><span id=\"MathJax-Element-1-Frame\" class=\"MathJax\" style=\"border: 0px; font-style: normal; font-variant: inherit; font-weight: normal; font-stretch: inherit; font-size: 13px; line-height: normal; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline; outline: 0px; display: inline; text-indent: 0px; text-align: left; text-transform: none; letter-spacing: normal; word-spacing: normal; word-wrap: normal; white-space: nowrap; float: none; direction: ltr; max-width: none; max-height: none; min-width: 0px; min-height: 0px; position: relative;\" tabindex=\"0\" data-mathml=\"<math xmlns=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><mrow class=\"MJX-TeXAtom-ORD\"><mover><mi>O<\/mi><mo stretchy=\"false\">&#x007E;<\/mo><\/mover><\/mrow><mrow class=\"MJX-TeXAtom-ORD\"><mo stretchy=\"false\">(<\/mo><msup><mi>N<\/mi><mrow class=\"MJX-TeXAtom-ORD\"><mn>2<\/mn><mrow class=\"MJX-TeXAtom-ORD\"><mo>\/<\/mo><\/mrow><mn>3<\/mn><\/mrow><\/msup><mo stretchy=\"false\">)<\/mo><\/mrow><\/math>\"><span id=\"MathJax-Span-1\" class=\"math\"><span id=\"MathJax-Span-2\" class=\"mrow\"><span id=\"MathJax-Span-3\" class=\"texatom\"><span id=\"MathJax-Span-4\" class=\"mrow\"><span id=\"MathJax-Span-5\" class=\"munderover\"><span id=\"MathJax-Span-6\" class=\"mi\">O<\/span><span id=\"MathJax-Span-7\" class=\"mo\">~<\/span><\/span><\/span><\/span><span id=\"MathJax-Span-8\" class=\"texatom\"><span id=\"MathJax-Span-9\" class=\"mrow\"><span id=\"MathJax-Span-10\" class=\"mo\">(<\/span><span id=\"MathJax-Span-11\" class=\"msubsup\"><span id=\"MathJax-Span-12\" class=\"mi\">N<\/span><span id=\"MathJax-Span-13\" class=\"texatom\"><span id=\"MathJax-Span-14\" class=\"mrow\"><span id=\"MathJax-Span-15\" class=\"mn\">2<\/span><span id=\"MathJax-Span-16\" class=\"texatom\"><span id=\"MathJax-Span-17\" class=\"mrow\"><span id=\"MathJax-Span-18\" class=\"mo\">\/<\/span><\/span><\/span><span id=\"MathJax-Span-19\" class=\"mn\">3<\/span><\/span><\/span><\/span><span id=\"MathJax-Span-20\" class=\"mo\">)<\/span><\/span><\/span><\/span><\/span><span class=\"MJX_Assistive_MathML\">O~(N2\/3)<\/span><\/span><\/span> invocations of an oblivious transfer oracle. A similar result holds for securely sampling a uniform pair of outputs from a set <em class=\"EmphasisTypeItalic \">S<\/em>\u2009\u2286\u2009[<em class=\"EmphasisTypeItalic \">N<\/em>]\u00d7[<em class=\"EmphasisTypeItalic \">N<\/em>].<\/p>\n<\/li>\n<li>\n<p class=\"Para\"><strong class=\"EmphasisTypeBold \">Correlated randomness complexity of secure two-party computation.<\/strong> Every function <em class=\"EmphasisTypeItalic \">f<\/em>:[<em class=\"EmphasisTypeItalic \">N<\/em>]\u00d7[<em class=\"EmphasisTypeItalic \">N<\/em>]\u2009\u2192\u2009{0,1} can be securely evaluated using <span id=\"IEq2\" class=\"InlineEquation\"><span id=\"MathJax-Element-2-Frame\" class=\"MathJax\" style=\"border: 0px; font-style: normal; font-variant: inherit; font-weight: normal; font-stretch: inherit; font-size: 13px; line-height: normal; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline; outline: 0px; display: inline; text-indent: 0px; text-align: left; text-transform: none; letter-spacing: normal; word-spacing: normal; word-wrap: normal; white-space: nowrap; float: none; direction: ltr; max-width: none; max-height: none; min-width: 0px; min-height: 0px; position: relative;\" tabindex=\"0\" data-mathml=\"<math xmlns=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><msup><mn>2<\/mn><mrow class=\"MJX-TeXAtom-ORD\"><mrow class=\"MJX-TeXAtom-ORD\"><mover><mi>O<\/mi><mo stretchy=\"false\">&#x007E;<\/mo><\/mover><\/mrow><mrow class=\"MJX-TeXAtom-ORD\"><msqrt><mi>log<\/mi><mo>&#x2061;<\/mo><mi>N<\/mi><\/msqrt><\/mrow><\/mrow><\/msup><\/math>\"><span id=\"MathJax-Span-21\" class=\"math\"><span id=\"MathJax-Span-22\" class=\"mrow\"><span id=\"MathJax-Span-23\" class=\"msubsup\"><span id=\"MathJax-Span-24\" class=\"mn\">2<\/span><span id=\"MathJax-Span-25\" class=\"texatom\"><span id=\"MathJax-Span-26\" class=\"mrow\"><span id=\"MathJax-Span-27\" class=\"texatom\"><span id=\"MathJax-Span-28\" class=\"mrow\"><span id=\"MathJax-Span-29\" class=\"munderover\"><span id=\"MathJax-Span-30\" class=\"mi\">O<\/span><span id=\"MathJax-Span-31\" class=\"mo\">~<\/span><\/span><\/span><\/span><span id=\"MathJax-Span-32\" class=\"texatom\"><span id=\"MathJax-Span-33\" class=\"mrow\"><span id=\"MathJax-Span-34\" class=\"msqrt\"><span id=\"MathJax-Span-35\" class=\"mrow\"><span id=\"MathJax-Span-36\" class=\"mi\">log<\/span><span id=\"MathJax-Span-37\" class=\"mo\"><\/span><span id=\"MathJax-Span-38\" class=\"mi\">N<\/span><\/span>\u221a<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span class=\"MJX_Assistive_MathML\">2O~log\u2061N<\/span><\/span><\/span> bits of correlated randomness.<\/p>\n<\/li>\n<li>\n<p class=\"Para\"><strong class=\"EmphasisTypeBold \">Communication complexity of private simultaneous messages.<\/strong> Every function <em class=\"EmphasisTypeItalic \">f<\/em>:[<em class=\"EmphasisTypeItalic \">N<\/em>]\u00d7[<em class=\"EmphasisTypeItalic \">N<\/em>]\u2009\u2192\u2009{0,1} can be securely evaluated in the non-interactive model of Feige, Kilian, and Naor (STOC 1994) with messages of length <span id=\"IEq3\" class=\"InlineEquation\"><span id=\"MathJax-Element-3-Frame\" class=\"MathJax\" style=\"border: 0px; font-style: normal; font-variant: inherit; font-weight: normal; font-stretch: inherit; font-size: 13px; line-height: normal; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline; outline: 0px; display: inline; text-indent: 0px; text-align: left; text-transform: none; letter-spacing: normal; word-spacing: normal; word-wrap: normal; white-space: nowrap; float: none; direction: ltr; max-width: none; max-height: none; min-width: 0px; min-height: 0px; position: relative;\" tabindex=\"0\" data-mathml=\"<math xmlns=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><mi>O<\/mi><mo stretchy=\"false\">(<\/mo><msqrt><mi>N<\/mi><\/msqrt><mo stretchy=\"false\">)<\/mo><\/math>\"><span id=\"MathJax-Span-39\" class=\"math\"><span id=\"MathJax-Span-40\" class=\"mrow\"><span id=\"MathJax-Span-41\" class=\"mi\">O<\/span><span id=\"MathJax-Span-42\" class=\"mo\">(<\/span><span id=\"MathJax-Span-43\" class=\"msqrt\"><span id=\"MathJax-Span-44\" class=\"mrow\"><span id=\"MathJax-Span-45\" class=\"mi\">N<\/span><\/span>\u2212\u2212\u221a<\/span><span id=\"MathJax-Span-46\" class=\"mo\">)<\/span><\/span><\/span><span class=\"MJX_Assistive_MathML\">O(N)<\/span><\/span><\/span>.<\/p>\n<\/li>\n<li>\n<p class=\"Para\"><strong class=\"EmphasisTypeBold \">Share complexity of forbidden graph access structures.<\/strong> For every graph <em class=\"EmphasisTypeItalic \">G<\/em> on <em class=\"EmphasisTypeItalic \">N<\/em> nodes, there is a secret-sharing scheme for <em class=\"EmphasisTypeItalic \">N<\/em> parties in which each pair of parties can reconstruct the secret if and only if the corresponding nodes in <em class=\"EmphasisTypeItalic \">G<\/em> are connected, and where each party gets a share of size <span id=\"IEq4\" class=\"InlineEquation\"><span id=\"MathJax-Element-4-Frame\" class=\"MathJax\" style=\"border: 0px; font-style: normal; font-variant: inherit; font-weight: normal; font-stretch: inherit; font-size: 13px; line-height: normal; font-family: inherit; margin: 0px; padding: 0px; vertical-align: baseline; outline: 0px; display: inline; text-indent: 0px; text-align: left; text-transform: none; letter-spacing: normal; word-spacing: normal; word-wrap: normal; white-space: nowrap; float: none; direction: ltr; max-width: none; max-height: none; min-width: 0px; min-height: 0px; position: relative;\" tabindex=\"0\" data-mathml=\"<math xmlns=\"http:\/\/www.w3.org\/1998\/Math\/MathML\"><mrow class=\"MJX-TeXAtom-ORD\"><mover><mi>O<\/mi><mo stretchy=\"false\">&#x007E;<\/mo><\/mover><\/mrow><mrow class=\"MJX-TeXAtom-ORD\"><msqrt><mi>N<\/mi><\/msqrt><\/mrow><\/math>\"><span id=\"MathJax-Span-47\" class=\"math\"><span id=\"MathJax-Span-48\" class=\"mrow\"><span id=\"MathJax-Span-49\" class=\"texatom\"><span id=\"MathJax-Span-50\" class=\"mrow\"><span id=\"MathJax-Span-51\" class=\"munderover\"><span id=\"MathJax-Span-52\" class=\"mi\">O<\/span><span id=\"MathJax-Span-53\" class=\"mo\">~<\/span><\/span><\/span><\/span><span id=\"MathJax-Span-54\" class=\"texatom\"><span id=\"MathJax-Span-55\" class=\"mrow\"><span id=\"MathJax-Span-56\" class=\"msqrt\"><span id=\"MathJax-Span-57\" class=\"mrow\"><span id=\"MathJax-Span-58\" class=\"mi\">N<\/span><\/span>\u2212\u2212\u221a<\/span><\/span><\/span><\/span><\/span><span class=\"MJX_Assistive_MathML\">O~N<\/span><\/span><\/span>.<\/p>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<p class=\"Para\">The worst-case complexity of the best previous solutions was \u03a9(<em class=\"EmphasisTypeItalic \">N<\/em>) for the first three problems and \u03a9(<em class=\"EmphasisTypeItalic \">N<\/em>\/log<em class=\"EmphasisTypeItalic \">N<\/em>) for the last one. The above results are obtained by applying general transformations to variants of private information retrieval (PIR) protocols from the literature, where different flavors of PIR are required for different applications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We study the complexity of realizing the \u201cworst\u201d functions in several standard models of information-theoretic cryptography. In particular, for the case of security against passive adversaries, we obtain the following main results. OT complexity of secure two-party computation. Every function f:[N]\u00d7[N]\u2009\u2192\u2009{0,1} can be securely evaluated using O~(N2\/3)O~(N2\/3) invocations of an oblivious transfer oracle. A similar [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","msr-author-ordering":null,"msr_publishername":"Springer Berlin Heidelberg","msr_publisher_other":"","msr_booktitle":"","msr_chapter":"","msr_edition":"","msr_editors":"","msr_how_published":"","msr_isbn":"","msr_issue":"","msr_journal":"","msr_number":"","msr_organization":"","msr_pages_string":"317-342","msr_page_range_start":"317","msr_page_range_end":"342","msr_series":"","msr_volume":"8349","msr_copyright":"","msr_conference_name":"Theory of Cryptography","msr_doi":"10.1007\/978-3-642-54242-8_14","msr_arxiv_id":"","msr_s2_paper_id":"","msr_mag_id":"","msr_pubmed_id":"","msr_other_authors":"","msr_other_contributors":"","msr_speaker":"","msr_award":"","msr_affiliation":"","msr_institution":"","msr_host":"","msr_version":"","msr_duration":"","msr_original_fields_of_study":"","msr_release_tracker_id":"","msr_s2_match_type":"","msr_citation_count_updated":"","msr_published_date":"2014-02-24","msr_highlight_text":"","msr_notes":"","msr_longbiography":"","msr_publicationurl":"https:\/\/link.springer.com\/chapter\/10.1007%2F978-3-642-54242-8_14","msr_external_url":"","msr_secondary_video_url":"","msr_conference_url":"","msr_journal_url":"","msr_s2_pdf_url":"","msr_year":0,"msr_citation_count":0,"msr_influential_citations":0,"msr_reference_count":0,"msr_s2_match_confidence":0,"msr_microsoftintellectualproperty":true,"msr_s2_open_access":false,"msr_s2_author_ids":[],"msr_pub_ids":[],"msr_hide_image_in_river":0,"footnotes":""},"msr-research-highlight":[],"research-area":[13561,13558],"msr-publication-type":[193716],"msr-publisher":[],"msr-focus-area":[],"msr-locale":[268875],"msr-post-option":[],"msr-field-of-study":[],"msr-conference":[],"msr-journal":[],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-368534","msr-research-item","type-msr-research-item","status-publish","hentry","msr-research-area-algorithms","msr-research-area-security-privacy-cryptography","msr-locale-en_us"],"msr_publishername":"Springer Berlin Heidelberg","msr_edition":"","msr_affiliation":"","msr_published_date":"2014-02-24","msr_host":"","msr_duration":"","msr_version":"","msr_speaker":"","msr_other_contributors":"","msr_booktitle":"","msr_pages_string":"317-342","msr_chapter":"","msr_isbn":"","msr_journal":"","msr_volume":"8349","msr_number":"","msr_editors":"","msr_series":"","msr_issue":"","msr_organization":"","msr_how_published":"","msr_notes":"","msr_highlight_text":"","msr_release_tracker_id":"","msr_original_fields_of_study":"","msr_download_urls":"","msr_external_url":"","msr_secondary_video_url":"","msr_longbiography":"","msr_microsoftintellectualproperty":1,"msr_main_download":"368858","msr_publicationurl":"https:\/\/link.springer.com\/chapter\/10.1007%2F978-3-642-54242-8_14","msr_doi":"10.1007\/978-3-642-54242-8_14","msr_publication_uploader":[{"type":"file","title":"BIKK","viewUrl":"https:\/\/www.microsoft.com\/en-us\/research\/wp-content\/uploads\/2017\/03\/BIKK.pdf","id":368858,"label_id":0},{"type":"url","title":"https:\/\/link.springer.com\/chapter\/10.1007%2F978-3-642-54242-8_14","viewUrl":false,"id":false,"label_id":0},{"type":"doi","title":"10.1007\/978-3-642-54242-8_14","viewUrl":false,"id":false,"label_id":0}],"msr_related_uploader":"","msr_citation_count":0,"msr_citation_count_updated":"","msr_s2_paper_id":"","msr_influential_citations":0,"msr_reference_count":0,"msr_arxiv_id":"","msr_s2_author_ids":[],"msr_s2_open_access":false,"msr_s2_pdf_url":null,"msr_attachments":[{"id":0,"url":"https:\/\/link.springer.com\/chapter\/10.1007%2F978-3-642-54242-8_14"}],"msr-author-ordering":[{"type":"text","value":"Amos Beimel","user_id":0,"rest_url":false},{"type":"text","value":"Yuval Ishai","user_id":0,"rest_url":false},{"type":"user_nicename","value":"rakumare","user_id":36197,"rest_url":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/microsoft-research\/v1\/researchers?person=rakumare"},{"type":"text","value":"Eyal Kushilevitz","user_id":0,"rest_url":false}],"msr_impact_theme":[],"msr_research_lab":[],"msr_event":[],"msr_group":[],"msr_project":[],"publication":[],"video":[],"msr-tool":[],"msr_publication_type":"inproceedings","related_content":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/368534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-research-item"}],"version-history":[{"count":2,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/368534\/revisions"}],"predecessor-version":[{"id":537650,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/368534\/revisions\/537650"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=368534"}],"wp:term":[{"taxonomy":"msr-research-highlight","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-highlight?post=368534"},{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=368534"},{"taxonomy":"msr-publication-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-publication-type?post=368534"},{"taxonomy":"msr-publisher","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-publisher?post=368534"},{"taxonomy":"msr-focus-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-focus-area?post=368534"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=368534"},{"taxonomy":"msr-post-option","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-post-option?post=368534"},{"taxonomy":"msr-field-of-study","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-field-of-study?post=368534"},{"taxonomy":"msr-conference","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-conference?post=368534"},{"taxonomy":"msr-journal","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-journal?post=368534"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=368534"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=368534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}