## Abstract

Let π be an efficient two-party protocol that given security parameter κ, both parties output single bits X _{κ} and Y _{κ} , respectively. We are interested in how (X _{κ} , Y _{κ} ) "appears" to an efficient adversary that only views the transcript T _{κ} . We make the following contributions: • We develop new tools to argue about this loose notion, and show (modulo some caveats) that for every such protocol π, there exists an efficient simulator such that the following holds: on input T _{κ} , the simulator outputs a pair (X _{κ} ^{'} , Y _{κ} ) such that (X _{κ} ^{'} , Y _{κ} ^{'} , T _{κ} ) is (somewhat) computationally indistinguishable from (X _{κ} , Y _{κ} , T _{κ} ). • We use these tools to prove the following dichotomy theorem: every such protocol π is: - either uncorrelated - it is (somewhat) indistin-guishable from an efficient protocol whose parties interact to produce T _{κ} , but then choose their out-puts independently from some product distribution (that is determined in poly-time from T _{κ} ), - or, the protocol implies a key-agreement protocol (for infinitely many _{κ} 's). Uncorrelated protocols are uninteresting from a cryptographic viewpoint, as the correlation between outputs is (computationally) trivial. Our dichotomy shows that every protocol is either completely uninteresting or implies key-agreement. • We use the above dichotomy to make progress on open problems on minimal cryptographic assumptions required for differentially private mechanisms for the XOR function. • A subsequent work of Haitner et al. uses the above dichotomy to makes progress on a long-standing open question regarding the complexity of fair two-party coin-flipping protocols. We highlight the following ideas regarding our technique: • The simulator algorithm is obtained by a carefully designed "competition" between efficient algorithms attempting to forecast (X _{κ} , Y _{κ} )|T _{κ=t} . The winner is used to simulate the outputs of the protocol. • Our key-agreement protocol uses the simulation to reduce to an information theoretic setup, and is in some sense non-black box.

Original language | English |
---|---|

Title of host publication | Proceedings - 59th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2018 |

Editors | Mikkel Thorup |

Publisher | IEEE Computer Society |

Pages | 136-147 |

Number of pages | 12 |

ISBN (Electronic) | 9781538642306 |

DOIs | |

State | Published - 30 Nov 2018 |

Event | 59th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2018 - Paris, France Duration: 7 Oct 2018 → 9 Oct 2018 |

### Publication series

Name | Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS |
---|---|

Volume | 2018-October |

ISSN (Print) | 0272-5428 |

### Conference

Conference | 59th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2018 |
---|---|

Country/Territory | France |

City | Paris |

Period | 7/10/18 → 9/10/18 |

## Keywords

- Computational correlation
- Differential privacy
- Key agreement