|
Abstract : |
Each of two parties PX and P Y holds an n-bit input, x and y, respectively. They wish to privately compute the value of f(x; y). That is, PX should not learn any additional information about y (in the information-theoretic sense) other than what follows from its input x and the function value, f(x; y), and similarly, P Y should not learn any additional information about x. In this paper we consider two basic questions in the theory of private computations: 1. Which functions can be privately computed? 2. What is the communication complexity of protocols that privately compute a function f (in the case that such protocols exist)? A complete combinatorial characterization of privately computable functions is given. We use this characterization to derive tight bounds on the rounds complexity of any privately computable function, and to design optimal private protocols that compute these functions. We show that for every 1 g(n) 2 \Delta 2 n there are functions that can be privately computed with g(n)-rounds of communication, but not with g(n) \Gamma 1-rounds of communication. This implies that the communication costs of private protocols can be exponentially higher than the communication costs of non-private protocols. Interestingly, randomization helps neither to increase the set of privately computable functions, nor to improve the rounds complexity of these functions. 1, |
