Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Private Sum Computation: Trade-Offs between Communication, Randomness, and Privacy

Remi A. Chou, Joerg Kliewer, Aylin Yener

TL;DR

This work analyzes private sum computation with $L$ users and a fusion center over a public, noiseless channel, allowing a controlled information leakage parameterized by $ ext{α} ext{∈[0,1]}$ so that colluding sets gain at most $(1- ext{α})$-scaled information. It derives tight converse bounds on the per-user communication rates, the sum of local randomness rates, and the global randomness rate, and provides a capacity-achieving scheme that matches these bounds. A central finding is that the local randomness must be organized as shares of a ramp secret sharing scheme, making secret sharing necessary (not just sufficient) for optimal private summation under leakage. The results generalize zero-leakage work, connect private summation to ramp secret sharing for all $ ext{α}$, and offer practical guidance on minimal communication and randomness resources when privacy constraints permit controlled leakage. The framework has implications for secure aggregation in distributed systems where randomness generation is costly or bandwidth is limited.

Abstract

Consider multiple users and a fusion center. Each user possesses a sequence of bits and can communicate with the fusion center through a one-way public channel. The fusion center's task is to compute the sum of all the sequences under the privacy requirement that a set of colluding users, along with the fusion center, cannot gain more than a predetermined amount $δ$ of information, measured through mutual information, about the sequences of other users. Our first contribution is to characterize the minimum amount of necessary communication between the users and the fusion center, as well as the minimum amount of necessary randomness at the users. Our second contribution is to establish a connection between private sum computation and secret sharing by showing that secret sharing is necessary to generate the local randomness needed for private sum computation, and prove that it holds true for any $δ\geq 0$.

Private Sum Computation: Trade-Offs between Communication, Randomness, and Privacy

TL;DR

This work analyzes private sum computation with users and a fusion center over a public, noiseless channel, allowing a controlled information leakage parameterized by so that colluding sets gain at most -scaled information. It derives tight converse bounds on the per-user communication rates, the sum of local randomness rates, and the global randomness rate, and provides a capacity-achieving scheme that matches these bounds. A central finding is that the local randomness must be organized as shares of a ramp secret sharing scheme, making secret sharing necessary (not just sufficient) for optimal private summation under leakage. The results generalize zero-leakage work, connect private summation to ramp secret sharing for all , and offer practical guidance on minimal communication and randomness resources when privacy constraints permit controlled leakage. The framework has implications for secure aggregation in distributed systems where randomness generation is costly or bandwidth is limited.

Abstract

Consider multiple users and a fusion center. Each user possesses a sequence of bits and can communicate with the fusion center through a one-way public channel. The fusion center's task is to compute the sum of all the sequences under the privacy requirement that a set of colluding users, along with the fusion center, cannot gain more than a predetermined amount of information, measured through mutual information, about the sequences of other users. Our first contribution is to characterize the minimum amount of necessary communication between the users and the fusion center, as well as the minimum amount of necessary randomness at the users. Our second contribution is to establish a connection between private sum computation and secret sharing by showing that secret sharing is necessary to generate the local randomness needed for private sum computation, and prove that it holds true for any .
Paper Structure (23 sections, 11 theorems, 49 equations, 1 figure)

This paper contains 23 sections, 11 theorems, 49 equations, 1 figure.

Table of Contents

  1. Introduction
  2. Problem Statement
  3. Main results
  4. Preliminaries
  5. Converse results
  6. Capacity results
  7. Connection between secret sharing and private summation
  8. Preliminaries
  9. Private summation and secret sharing
  10. Proof of Theorem \ref{['thmcv']}
  11. Communication rate converse: Proof of \ref{['eqth21']}
  12. Local randomness sum-rate converse: Proof of \ref{['eqth22']}
  13. Global randomness rate converse: Proof of \ref{['eqth23']}
  14. Proof of Theorem \ref{['thmi']}
  15. Proof of Theorem \ref{['thmach']}
  16. ...and 8 more sections

Key Result

Theorem 1

Consider any $(L,n, (R^{(X)}_l)_{l\in [L]},$$R^{(U)},(R^{(K)}_l)_{l\in [L]})$ private-sum computation protocol that is $(\delta= \alpha (L-1),T)$-private, where $\alpha \in [0,1]$. Then, we have

Figures (1)

  • Figure 1: Sum computation setting: $(S_i)_{i\in[L]}$ and $(X_i)_{i\in[L]}$ represent the the private sequences at the users and their encoded versions, respectively. $(K_i)_{i\in[L]}$ represents local randomness.

Theorems & Definitions (34)

  • Definition 1
  • Definition 2
  • Definition 3
  • Example 1: Setting in zhao2022secure
  • Remark 1
  • Remark 2
  • Remark 3
  • Theorem 1: Converse
  • proof
  • Theorem 2: Converse
  • ...and 24 more