Secure Non-interactive Simulation: Feasibility and Rate

A natural solution to increase the efficiency of secure computation will be to non-interactively and securely transform diverse inexpensive-to-generate correlated randomness, like, joint samples from noise sources, into correlations useful for secure computation protocols. Motivated by this general application for secure computation, our work introduces the notion of secure non-interactive simulation (SNIS). Parties receive samples of correlated randomness, and they, without any interaction, securely convert them into samples from another correlated randomness. Our work presents a simulation-based security definition for SNIS and initiates the study of the feasibility and efficiency of SNIS. We also study SNIS among fundamental correlated randomnesses like random samples from the binary symmetric and binary erasure channels, represented by BSS and BES, respectively. We show the impossibility of interconversion between BSS and BES samples. Next, we prove that a SNIS of a BES(epsilon') sample (a BES with noise characteristic epsilon') from BES(epsilon) is feasible if and only if (1- epsilon') = (1- epsilon)(k), for some k is an element of N. In this context, we prove that all SNIS constructions must be linear. Furthermore, if (1 - epsilon') = (1 - epsilon)(k), then the rate of simulating multiple independent BES(epsilon') samples is at most 1/k, which is also achievable using (block) linear constructions. Finally, we show that a SNIS of a BSS(epsilon') sample from BSS(epsilon) samples is feasible if and only if (1 - 2 epsilon') = (1 - 2 epsilon)(k), for some k is an element of N. Interestingly, there are linear as well as non-linear SNIS constructions. When (1 - 2 epsilon') = (1 - 2 epsilon)(k), we prove that the rate of a perfectly secure SNIS is at most 1/k, which is achievable using linear and non-linear constructions. Our technical approach algebraizes the definition of SNIS and proceeds via Fourier analysis. Our work develops general analysis methodologies for Boolean functions, explicitly incorporating cryptographic security constraints. Our work also proves strong forms of statistical-to-perfect security transformations: one can error-correct a statistically secure SNIS to make it perfectly secure. We show a connection of our research with homogeneous Boolean functions and distance-invariant codes, which may be of independent interest.