The Communication Complexity of Private Simultaneous Messages, Revisited
Journal of Cryptology (IF 2.3), Pub Date: 2019-09-17, DOI: 10.1007/s00145-019-09334-y
Benny Applebaum, Thomas Holenstein, Manoj Mishra, Ofer Shayevitz

Private simultaneous message (PSM) protocols were introduced by Feige, Kilian, and Naor (STOC ’94) as a minimal non-interactive model for information theoretic three-party secure computation. While it is known that every function $f:\{0,1\}^k\times \{0,1\}^k \rightarrow \{0,1\}$ admits a PSM protocol with exponential communication of $2^{k/2}$ (Beimel et al., TCC ’14), the best known (non-explicit) lower-bound is $3k-O(1)$ bits. To prove this lower-bound, FKN identified a set of simple requirements, showed that any function that satisfies these requirements is subject to the $3k-O(1)$ lower-bound, and proved that a random function is likely to satisfy the requirements. We revisit the FKN lower-bound and prove the following results:

(Counterexample) We construct a function that satisfies the FKN requirements but has a PSM protocol with communication of $2k+O(1)$ bits, revealing a gap in the FKN proof.

(PSM lower-bounds) We show that by imposing additional requirements, the FKN argument can be fixed leading to a $3k-O(\log k)$ lower-bound for a random function. We also get a similar lower-bound for a function that can be computed by a polynomial-size circuit (or even polynomial-time Turing machine under standard complexity-theoretic assumptions). This yields the first non-trivial lower-bound for an explicit Boolean function partially resolving an open problem of Data, Prabhakaran, and Prabhakaran (Crypto ’14, IEEE Information Theory ’16). We further extend these results to the setting of imperfect PSM protocols which may have small correctness or privacy error.

(CDS lower-bounds) We show that the original FKN argument applies (as is) to some weak form of PSM protocols which are strongly related to the setting of Conditional Disclosure of Secrets (CDS). This connection yields a simple combinatorial criterion for establishing linear $\Omega(k)$-bit CDS lower-bounds. As a corollary, we settle the complexity of the inner-product predicate resolving an open problem of Gay, Kerenidis, and Wee (Crypto ’15).

Updated: 2019-09-17