TY - JOUR
T1 - Randomizing polynomials
T2 - A new representation with applications to round-efficient secure computation
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
PY - 2000
Y1 - 2000
N2 - Motivated by questions about secure multi-party computation, we introduce and study a new natural representation of functions by polynomials, which we term randomizing polynomials. `Standard' low-degree polynomials over a finite field are easy to compute with a small number of communication rounds in virtually any setting for secure computation. However, most Boolean functions cannot be evaluated by a polynomial whose degree is smaller than their input size. We get around this barrier by relaxing the requirement of evaluating f into a weaker requirement of randomizing f: mapping the inputs off along with independent random inputs into a vector of outputs, whose distribution depends only on the value of f. We show that degree-3 polynomials are sufficient to randomize any function f, relating the efficiency of such a randomization to the branching program size off. On the other hand, by characterizing the exact class of Boolean functions which can be randomized by degree-2 polynomials, we show that 3 is the minimal randomization degree of most functions. As an application, randomizing polynomials provide a powerful, general, and conceptually simple tool for the design of round-efficient secure protocols. Specifically, the secure evaluation of any function can be reduced to a secure evaluation of degree-3 polynomials.
AB - Motivated by questions about secure multi-party computation, we introduce and study a new natural representation of functions by polynomials, which we term randomizing polynomials. `Standard' low-degree polynomials over a finite field are easy to compute with a small number of communication rounds in virtually any setting for secure computation. However, most Boolean functions cannot be evaluated by a polynomial whose degree is smaller than their input size. We get around this barrier by relaxing the requirement of evaluating f into a weaker requirement of randomizing f: mapping the inputs off along with independent random inputs into a vector of outputs, whose distribution depends only on the value of f. We show that degree-3 polynomials are sufficient to randomize any function f, relating the efficiency of such a randomization to the branching program size off. On the other hand, by characterizing the exact class of Boolean functions which can be randomized by degree-2 polynomials, we show that 3 is the minimal randomization degree of most functions. As an application, randomizing polynomials provide a powerful, general, and conceptually simple tool for the design of round-efficient secure protocols. Specifically, the secure evaluation of any function can be reduced to a secure evaluation of degree-3 polynomials.
UR - http://www.scopus.com/inward/record.url?scp=0034507841&partnerID=8YFLogxK
U2 - 10.1109/SFCS.2000.892118
DO - 10.1109/SFCS.2000.892118
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:0034507841
SN - 0272-5428
SP - 294
EP - 304
JO - Annual Symposium on Foundations of Computer Science - Proceedings
JF - Annual Symposium on Foundations of Computer Science - Proceedings
ER -