On privacy and partition arguments

A function and f(x₁,x₂,...,x_n) is said to be t-private if there exists a (randomized) communication protocol for computing f, such that no coalition of at most t participants can infer any additional information from the execution of the protocol other than what follows from their inputs and the value of f. It is known that every n-argument function f defined over finite domains can be computed [n-1/2]-privately. The classes of 1-private two-argument functions and of t-private Boolean functions admit relatively simple characterizations. In contrast, the general question of characterizing the class of t-private functions of n arguments is still open. The only technique that appears in the literature for proving non-t-privacy of a function f(x₁,x₂,...,x_n) over a finite domain, where n ≥ 3 and [n/2] ≤ t ≤ n - 1, uses a reduction to the two-party case via a partition argument. A necessary condition for f being t-private is that for every partition (S: S̄) of the parties {1, 2,..., n} such that both |S| ≤ t and |S| ≤ t, the two-argument function obtained by viewing f as a function of {x_i}_iεS and {x_i}_iεS̄ is 1-private. The question whether the use of such partition reductions together with the two-party characterization is powerful enough to characterize privacy in the multiparty case was raised as an open problem in previous works. These works also exhibit an affirmative answer for specific classes of functions. We answer this question negatively. We show that even if more general partition reductions are used, in which the n parties are partitioned into k sets (2 ≤ k ≤ n - 1) rather than just two, those reductions are still too weak to characterize privacy. On the other hand, we show that increasing the number of sets k does give some extra characterization power.