Low-degree Security of the Planted Random Subgraph Problem

Andrej Bogdanov, Chris Jones, Alon Rosen, Ilias Zadik

TL;DR

The paper proves low-degree hardness for detecting planted random subgraphs in the full regime $k \le n^{1 - \Omega(1)}$, improving prior bounds and extending to $r$-uniform hypergraphs. It employs a low-degree polynomial framework with an averaging over the planted subgraph $H$, combined with a Fourier-Walsh analysis and a replica method, to bound the degree-$D$ likelihood ratio and its higher moments; the core technical contribution is a pair of propositions that tightly bound contributions from small and large vertex sets. These hardness results enable cryptographic applications: a hypergraph secret sharing scheme with leakage tolerance achieving share size $(1+o(1))\log k$, and communication-efficient multiparty private simultaneous messages for random functions with near-optimal parameters. Together, the results deepen the hardness landscape for planted random subgraph problems and yield practical, provably secure cryptographic primitives under the low-degree paradigm.

Abstract

The planted random subgraph detection conjecture of Abram et al. (TCC 2023) asserts the pseudorandomness of a pair of graphs $(H, G)$, where $G$ is an Erdős–Rényi random graph on $n$ vertices, and $H$ is a random induced subgraph of $G$ on $k$ vertices. Assuming the hardness of distinguishing these two distributions (with two leaked vertices), Abram et al. construct communication-efficient, computationally secure (1) 2-party private simultaneous messages (PSM) and (2) secret sharing for forbidden graph structures. We prove the low-degree hardness of detecting planted random subgraphs all the way up to $k \leq n^{1 - \Omega(1)}$. This improves over Abram et al.'s analysis for $k \leq n^{1/2 - \Omega(1)}$. The hardness extends to $r$-uniform hypergraphs for constant $r$. Our analysis is tight in the distinguisher's degree, its advantage, and in the number of leaked vertices. Extending the constructions of Abram et al., we apply the conjecture towards (1) communication-optimal multiparty PSM protocols for random functions and (2) bit secret sharing with share size $(1 + \varepsilon)\log n$ for any $\varepsilon > 0$ in which arbitrary minimal coalitions of up to $r$ parties can reconstruct and secrecy holds against all unqualified subsets of up to $\ell = o(\varepsilon\log n)^{1/(r-1)}$ parties.
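
The two distributions in the abstract, and how weak one simple low-degree statistic is against them, as an added example that is not code from the paper. It assumes edge probability 1/2, no leaked vertices, and a randomly ordered embedding; all function names are illustrative. For the degree-2 statistic below, the planted mean is $\binom{k}{2}$, the null mean is 0 and the null variance is $\binom{k}{2}\binom{n}{2}$, so its advantage is $\sqrt{\binom{k}{2}/\binom{n}{2}} \approx k/n$.

```python
import itertools
import math
import random

def sample_graph(n, rng):
    """G(n, 1/2) as {(u, v): +1 or -1} for u < v; +1 marks an edge (assumed p = 1/2)."""
    return {e: rng.choice((-1, 1)) for e in itertools.combinations(range(n), 2)}

def planted_pair(n, k, rng):
    """Planted case: H is G induced on k secret vertices S, relabelled 0..k-1."""
    G = sample_graph(n, rng)
    S = rng.sample(range(n), k)  # secret, randomly ordered embedding
    H = {(i, j): G[tuple(sorted((S[i], S[j])))]
         for i, j in itertools.combinations(range(k), 2)}
    return H, G, S  # S is returned only so the construction can be checked

def null_pair(n, k, rng):
    """Null case: H and G are sampled independently."""
    return sample_graph(k, rng), sample_graph(n, rng), None

def edge_correlation(H, G):
    """Degree-2 polynomial in the +-1 edge variables: (sum over H) * (sum over G)."""
    return sum(H.values()) * sum(G.values())

def predicted_advantage(n, k):
    """(E_planted[f] - E_null[f]) / sd_null[f] for f = edge_correlation."""
    return math.sqrt(math.comb(k, 2) / math.comb(n, 2))

def empirical_advantage(n, k, trials=2000, seed=1):
    """Monte Carlo estimate of the same ratio; the distinguisher sees only (H, G)."""
    rng = random.Random(seed)
    planted = [edge_correlation(*planted_pair(n, k, rng)[:2]) for _ in range(trials)]
    null = [edge_correlation(*null_pair(n, k, rng)[:2]) for _ in range(trials)]
    mean_p, mean_n = sum(planted) / trials, sum(null) / trials
    sd_n = math.sqrt(sum((x - mean_n) ** 2 for x in null) / trials)
    return (mean_p - mean_n) / sd_n

if __name__ == "__main__":
    # Constructed parameters: fixed k, growing n, so the advantage shrinks.
    for n, k in [(24, 12), (48, 12)]:
        print(n, k, round(predicted_advantage(n, k), 3),
              round(empirical_advantage(n, k), 3))
```

This covers a single statistic only; the paper's result concerns all polynomials of bounded degree.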

Paper Structure (13 sections, 7 theorems, 56 equations)


Key Result

Theorem 2.1

Assume for some $p \in \mathbb{N}$ and constant $\varepsilon>0$, the following bounds hold on the size of $H$, $k$, the leakage number $\ell$ and the degree $D$: Then for any $L \subseteq [k]$ with $|L| = \ell$,

Theorems & Definitions (16)

  • Definition 1.1
  • Definition 1.2
  • Conjecture 1.3
  • Conjecture 1.4
  • Theorem 2.1
  • Corollary 2.2
  • Proposition 3.1
  • Proposition 3.2
  • proof
  • proof
  • ...and 6 more