Can Simultaneous Disclosure Ensure Equal Output in Joint Computation?

  • Thread starter Thread starter Dragonfall
  • Start date Start date
Click For Summary

Discussion Overview

The discussion revolves around the concept of simultaneous disclosure in joint computation, specifically focusing on protocols that allow two parties to obtain outputs that are nearly equal without one party gaining a significant advantage. The conversation touches on classical methods, cryptographic schemes, and theoretical limitations regarding the feasibility of such protocols.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant inquires about a protocol that allows two parties to receive outputs of a joint computation with minimal advantage to either party.
  • Another participant questions whether the topic relates to quantum computing, noting familiarity with similar cryptographic schemes.
  • A participant clarifies that the discussion is focused on classical methods and recalls a specific scenario involving two parties wanting to prove they have the same string without revealing more than necessary.
  • There is a mention of zero-knowledge proofs, but a participant argues that the situation described does not fit that definition.
  • One participant references an IEEE paper but is unable to access it, seeking assistance from others for a copy.
  • Another participant discusses a public key scheme for fair coin flipping, questioning its relevance to the original inquiry.
  • A suggestion is made to explore group signatures and error-correcting codes as potential solutions to the problem posed.
  • Concerns are raised about the need for protocols that do not rely on complexity assumptions, with a mention of a negative result indicating the potential impossibility of the desired outcome.
  • Participants express interest in finding the negative result and discuss the practical challenges of ensuring no party gains an advantage during the computation process.
  • A link to a relevant paper is shared, but a participant notes that it may not fully address the original question regarding sharing information without one party gaining an advantage.
  • Finally, a participant summarizes that the paper indicates the impossibility of achieving the desired outcome without additional assumptions, suggesting a method involving random variables to mitigate advantage.

Areas of Agreement / Disagreement

Participants express differing views on the feasibility of achieving simultaneous disclosure without advantage, with some suggesting potential methods while others highlight limitations and negative results. The discussion remains unresolved regarding the existence of a suitable protocol.

Contextual Notes

Participants reference various cryptographic concepts and protocols, indicating a reliance on specific assumptions and the potential for cheating in the proposed methods. The discussion highlights the complexity of ensuring equal output in joint computation.

Dragonfall
Messages
1,023
Reaction score
5
What is the name of the protocol that let's two parties to simultaneously get an output of a joint computation (within epsilon of certainty of each other)? That is, they don't simultaneously get it, each party gets a little bit at a time, but no party gets more than a fraction of a bit more than the other?
 
Technology news on Phys.org
Is this a quantum computing question? I know of similar schemes in cryptography but there is nothing quite like what you describe that I can remember.
 
No it's entirely classical. I remember learning about it but I don't know what it's called.

One special case of this is that two parties supposedly have the same string S. They want to show each other than they have the same one, but not disclose more than necessary if the other party is cheating. They could disclose one bit at a time, but that gives one party an advantage of 1 bit. It's possible to reduce that to epsilon bit, but I don't remember how.
 
OH.. that's different. Proving you know something is different from calculating it! That's called a zero-knowledge proof.
 
No it's not zero knowledge. I found it here http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=4568055&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D4568055

But I can't access. Does anyone have a copy of that article?
 
In the applied crypto book (2nd ed, p90) there's a public key scheme for fairly flipping a coin without either party being able to cheat, but one party will know the outcome before the other. Is that part terribly important to your goal?

There are a few others but they all generalize to the same thing; e.g. diffie-hellman key exchange. I have to imagine that the IEEE paper relates to one of these (or was proven weak) considering the relative age of the paper vs. available crypto materials like AC.
 
Hey DragonFall.

Have you considered looking for resources on group signatures?

It sounds like a situation where you could construct an error correcting code for the function and combine it with cryptography to tell if someone has cheated or is telling the truth.
 
I need it to not be based on any complexity assumptions. There was a negative result by somebody which may have said that what I want is impossible, but I can't find it.
 
If you find it can you please let me know as well: I'm very interested in this result if you do happen to get it.
 
  • #10
I am interested as well. I'm not aware of any methods that can be used right now in a practical sense that require full disclosure by both parties before either can know the results. At some point, either (or both) parties will be in need of only one more piece of data (otherwise there is no point at which more data does not need to be sent) to determine the coin toss, and at that point, there does not seem to be a way of preventing one party from sending early (same as the other side withholding).
 
  • #12
Thanks, reading! Will be back.
 
  • #13
Well, the paper is interesting (and short! That's rare in crypto.) but doesn't sound like quite what you asked for. How do you propose to use this to share a piece of information of arbitrary length without one potentially getting a 1 bit advantage in knowledge?

There's always the opportunity for one to cheat and not reveal in the final round, e.g. in round 2 of the 2 round example diagram on page 2. There is nothing compelling B to send information to A in step B2 before calculating b.
 
  • #14
Many thanks Dragonfall.
 
  • #15
Yes, the paper says what I ask for is impossible without additional assumptions. The trick is to make it so that you have a random variable that's slightly skewed towards the bit that it actually reflects. Then each round you sample the RV, increasing your confidence. If that's small enough then each party only has negligible advantage.
 

Similar threads

Python Applying Accelerated Raymarching to Reduce Rendering Time
  • · Replies 0 ·
Replies
0
Views
2K
My Website For Creating Interactive Visuals Linked To Equations
  • · Replies 4 ·
Replies
4
Views
4K
Undergrad Understanding the phrase "simultaneity convention"
  • · Replies 127 ·
5
Replies
127
Views
10K
Fast reciprocal square root algorithm
  • · Replies 30 ·
2
Replies
30
Views
8K
  • Sticky
Getting Started With Computers and Programming
  • · Replies 13 ·
Replies
13
Views
8K
Undergrad Understanding Relativity of Simultaneity in Resnick, Part II
  • · Replies 20 ·
Replies
20
Views
3K
High School Further Understanding Simultaneity Conventions
  • · Replies 51 ·
2
Replies
51
Views
5K
Python Unsolvable python code bug? (finding the difference between two input strings)
  • · Replies 2 ·
Replies
2
Views
3K
Derivative of Cost Function with Respect to Output Layer Weight
  • · Replies 31 ·
2
Replies
31
Views
4K
Is Alan Turing given too much credit when it comes to computers?
  • · Replies 29 ·
Replies
29
Views
6K