Two Party Distribution Testing: Communication and Security

2022

We derive minimax testing errors in a distributed framework where the data is split over multiple machines and their communication to a central machine is limited to b bits. We investigate both the dand infinite-dimensional signal detection problem under Gaussian white noise. We also derive distributed testing algorithms reaching the theoretical lower bounds. Our results show that distributed testing is subject to fundamentally different phenomena that are not observed in distributed estimation. Among our findings, we show that testing protocols that have access to shared randomness can perform strictly better in some regimes than those that do not. Furthermore, we show that consistent nonparametric distributed testing is always possible, even with as little as 1-bit of communication and the corresponding test outperforms the best local test using only the information available at a single local machine.

Information and Computation, 1996

Proceedings of the Twenty-Fifth Annual ACM-SIAM Symposium on Discrete Algorithms, 2013

We study the question of closeness testing for two discrete distributions. More precisely, given samples from two distributions p and q over an n-element set, we wish to distinguish whether p = q versus p is at least ε-far from q, in either ℓ 1 or ℓ 2 distance. Batu et al [BFR + 00, BFR + 13] gave the first sub-linear time algorithms for these problems, which matched the lower bounds of [Val11] up to a logarithmic factor in n, and a polynomial factor of ε.

Advances in Cryptology – EUROCRYPT 2014, 2014

We settle a long standing open problem which has pursued a full characterization of completeness of (potentially randomized) finite functions for 2-party computation that is secure against active adversaries. Since the first such complete function was discovered [Kilian, FOCS 1988], the question of which finite 2-party functions are complete has been studied extensively, leading to characterization in many special cases. In this work, we completely settle this problem. We provide a polynomial time algorithm to test whether a 2-party finite secure function evaluation (SFE) functionality (possibly randomized) is complete or not. The main tools in our solution include: -A formal linear algebraic notion of redundancy in a general 2-party randomized function. -A notion of statistically testable games. A kind of interactive proof in the information-theoretic setting where both parties are computationally unbounded but differ in their knowledge of a secret. -An extension of the (weak) converse of Shannon's channel coding theorem, where an adversary can adaptively choose the channel based on its view. We show that any function f , if complete, can implement any (randomized) circuit C using only O(|C| + κ) calls to f , where κ is the statistical security parameter. In particular, for any two-party functionality g, this establishes a universal notion of its quantitative "cryptographic complexity" independent of the setup and has close connections to circuit complexity.

SIAM Journal on Computing, 2008

We study the round complexity of two-party protocols for generating a random nbit string such that the output is guaranteed to have bounded bias (according to some measure) even if one of the two parties deviates from the protocol (even using unlimited computational resources). Specifically, we require that the output's statistical difference from the uniform distribution on {0, 1} n is bounded by a constant less than 1. We present a protocol for the above problem that has 2 log * n + O(1) rounds, improving a previous 2n-round protocol of Goldreich, Goldwasser, and Linial (FOCS '91). Like the GGL protocol, our protocol actually provides a stronger guarantee, ensuring that the output lands in any set T ⊆ {0, 1} n of density µ with probability at most O(√ µ + δ), where δ is an arbitarily small constant. We then prove a matching lower bound, showing that any protocol guaranteeing bounded statistical difference requires at least log * n − log * log * n − O(1) rounds. As far as we know, this is the first nontrivial lower bound on the round complexity of random selection protocols (of any type) that does not impose additional constraints (e.g. on communication or "simulatability"). We also prove several results for the case when the output's bias is measured by the maximum multiplicative factor by which a party can increase the probability of a set T ⊆ {0, 1} n .

Lecture Notes in Computer Science, 1991

We consider the communication complexity of secure multiparty computations by networks of processors each with unlimited computing power. Say that an n-party protocol for a function of m bits is efficient if it uses a constant number of rounds of communication and a total number of message bits that is polynomial in max(m, n). We show that any function has an efficient protocol that achieves (rclog n)/m resilience. Ours is the first secure multiparty protocol in which the communication complexity is independent of the computational complexity of the function being computed. We also consider the communication complexity of zero-knowledge proofs of properties of committed bits. We show that every function / of m bits has an efficient notarized envelope scheme; that is, there is a protocol in which a computationally unlimited prover commits a sequence of bits x to a computationally unlimited verifier and then proves in perfect zero-knowledge (without decommitting x) that f(x) = 1, using a constant number of rounds and poly(m) message bits. Ours is the first notarized envelope scheme in which the communication complexity is independent of the computational complexity of /. Finally, we establish a new upper bound on the number of oracles needed in instance-hiding schemes for arbitrary functions. These schemes allow a computationally limited querier to capitalize on the superior power of one or more computationally unlimited oracles in order to obtain f(x) without revealing its private input x to any one of the oracles. We show that every function of m bits has an (m/logm)-oracle instance-hiding scheme. The central technique used in all of these results is locally random reducibility, which was used for the first time in [7] and is formally defined for the first time here. In addition to the applications that we present, locally random reducibility has been applied to interactive proof systems, program checking, and program testing.

Theoretical Computer Science, 2013

We consider an instance of the following problem: Parties P 1 , . . . , P k each receive an input x i , and a coordinator (distinct from each of these parties) wishes to compute f (x 1 , . . . , x k ) for some predicate f . We are interested in one-round protocols where each party sends a single message to the coordinator; there is no communication between the parties themselves. What is the minimum communication complexity needed to compute f , possibly with bounded error? We prove tight bounds on the one-round communication complexity when f corresponds to the promise problem of distinguishing sums (namely, determining which of two possible values the {x i } sum to) or the problem of determining whether the {x i } sum to a particular value. Similar problems were studied previously by Nisan and in concurrent work by Viola. Our proofs rely on basic theorems from additive combinatorics, but are otherwise elementary.

34th International Symposium on Mathematical Foundations of Computer Science (MFCS'09), 2009

We study a model of communication complexity that encompasses many well-studied problems, including classical and quantum communication complexity, the complexity of simulating distributions arising from bipartite measurements of shared quantum states, and XOR games. In this model, Alice gets an input x, Bob gets an input y, and their goal is to each produce an output a, b distributed according to some pre-specified joint distribution p(a, b|x, y). Our results apply to any non-signaling distribution, that is, those where Alice's marginal distribution does not depend on Bob's input, and vice versa.

Consider the following general communication problem: Alice and Bob have to simulate a probabilistic function p, that with every (x, y) ∈ X ×Y associates a probability distribution on A × B. The two parties, upon receiving inputs x and y, need to output a ∈ A, b ∈ B in such a manner that the (a, b) pair is distributed according to p(x, y). They share randomness (this is their only source of randomness), and have access to a channel that allows two-ways communication. Our main focus is an instance of the above problem coming from the well known EPR experiment in quantum physics, but we also present some more general facts about this rather young and promising complexity measure. The results contained herein are entirely classical and no knowledge of the quantum phenomenon is assumed. Different notions of complexity may be defined for this problem. Due to an upper bound by Toner and Bacon [TB03], and a matching lower bound by Barrett, Kent and Pironio [BKP06], the average and worst-ca...

IACR Cryptol. ePrint Arch., 2020

Network latency is a significant source of inefficiency in interactive protocols. This work contributes towards the possibility of reducing the round complexity and communication complexity of secure computation protocols to a minimum. We introduce the concept of secure noninteractive simulation of joint distributions. Two parties begin with multiple independent samples from a correlated randomness source. Next, our objective is to investigate what forms of joint distributions can Alice and Bob securely simulate without any further communication. This offline preprocessing step fits perfectly within the offline-online paradigm of secure computation, which enables general secure computation even against parties with unbounded computational power. One may interpret this concept as imbuing the notion of non-interactive simulation of joint distributions, which initiated from the seminal works of Gács and Körner (1972), and Wyner (1975), in information theory with cryptographic security....