210 likes | 339 Views
One-way protocols and combinatorial designs. Mike Atkinson Joint work with Michael Albert, Hans van Ditmarsch, Robert Aldred, Chris Handley. The plan. Description of problem Modelling the problem Solutions. The 2000 Moscow Mathematical Olympiad.
E N D
One-way protocols and combinatorial designs Mike Atkinson Joint work with Michael Albert, Hans van Ditmarsch, Robert Aldred, Chris Handley
The plan • Description of problem • Modelling the problem • Solutions
The 2000 Moscow Mathematical Olympiad • Players Alice, Bob, Crow draw cards from a 7 card deck. A receives 3 cards, B receives 3 cards, C receives 1 card • How can A, in a single public announcement, tell B what her cards are without C learning a single card of A or B’s holding?
First thoughts • A could make some very complex announcement (“I hold card 2 or card 4; if I hold card 3 I don’t hold card 5; if I hold any consecutive numbered cards then one is prime,….”) • B, knowing his own cards, finds A’s announcement useful • C, knowing only his card, can’t use it
Pitfalls • Suppose A held 0,1,2; she could say “I hold 0,1,2 or 3,4,5” • B would successfully learn A’s hand because only one of those possibilities can be consistent with his own hand • But, for all A knows, C might hold 3 and then C could infer A’s holding (note: A would be safe if C held 6)
Second thoughts • No matter how complex is A’s announcement it is tantamount to saying “My holding is one of the following …” • A’s announcement must be effective for B and ineffective for C no matter what B and C hold
First solution • A says “Modulo 7 my total is x”. • The 35 possible holdings for A come in 7 groups of 5 corresponding to their sum mod 7 • “Modulo 7 my total is 3” is tantamount to saying “I hold 012, 136, 145, 235, or 046” • B can now work out C’s card and therefore work out A’s holding • C can only work out A’s sum modulo 7 and B’s sum modulo 7: he can’t work out any one card of A or B.
Second solution • A could announce (supposing that she holds 0,1,2) “I hold one of 012,056,034,145,136,235,246” • Exhaustive check. E.g. suppose B held 345 then he could deduce A holds 012 since all other possibilities intersect his own holding. But C (holding 6) can deduce only that A’s holding is one of 012,034,145,235 and no card of A is revealed.
Other solutions • All solutions involve an announcement of 5 or 6 or 7 possible holdings • More than 7 makes it too hard for B • Less than 5 makes it too easy for C
Reveal as little as possible • If A wishes to reveal as little as possible she should choose to present 7 possible holdings rather than 5 • How are the “optimal” solutions found?
2 1 4 3 0 6 5 Structure of the solution012,056,034,145,136,235,246 • The 7 triples are the lines of the 7 point projective plane
The general problem • A holds a cards, B b cards, C c cards from a deck of v=a+b+c cards • A must make one public announcement from which B can infer A’s holding but C cannot infer any card of either A or B • For which a, b, c is this possible? • If it is possible, what are the most and least informative announcements? • Find a suitable announcement!
Communication protocols • A protocol is a series of messages by various parties to communicate information E.g. A might send a message to B, B might answer with another message, A might send yet another message,…. Eventually the required information is communicated. • We are studying one-way protocols
The one-way restriction • Suppose a=2, b=4, c=1 (and v=7) • No one-way protocol is possible • There is a 2 message protocol: • B first announces a number of possible holdings for himself that allows A to deduce B’s holding whereas C learns no card of either A or B • A now knows C’s card and announces it; this tells C nothing further but allows B to infer A’s holding
The one-way restriction • Suppose a=2, b=4, c=1 (and v=7) • No one-way protocol is possible • There is a 2 message protocol: • B (holding, say, 1236) could announce he holds one of 3456, 0156, 1245, 1236, 0134, 0235, 0246. A (holding, say, 05) could then infer B’s holding • A now knows C’s card is 4 and announces it; B can now deduce that A holds 05
Combinatorial conditions • A collection L of a-subsets of {0,1,..,v-1} is a one-way protocol if and only if • For all L1,L2 in L , |L1 L2| ≤ a-c-1 • For all c-sets X the set of members of L disjoint from X have empty intersection and their union contains every point not in X
Combinatorial problems • For given a,b,c find a suitable collection L of a-subsets of {0,1,…,v-1}. • Find upper and lower bounds on the size of |L|. • Find general constructions valid for a range of (a,b,c) values.
v!c! (v-a)!(v-b)! Bounds on |L| • |L| ≤ • |L| ≥ v(c+1)/a • Some other bounds also known • Sometimes the bounds prove that no one-way protocol exists • Occasionally, they pin down |L| uniquely • e.g. if b=2, c=1 then |L| = (a+2)(a+3)/6
General construction • Let D be a set of a integers such that among the (non-zero) differences d1-d2 no value occurs more than e times. • Let L be the set {i + D |i = 0 … v-1} (arithmetic mod v) • L realises the parameter set a,v-2a+e+1,a-e-1
Examples • Many one-way protocols seem to have no further combinatorial interest • Those for which |L| is maximal are often more interesting • v = 13 (all the spades), a = 4, b = 7, c = 2, L is the set of 13 lines of the 13 point projective plane • v = 11, a = 5, b = 5, c = 1, L is the set of 66 blocks of the Steiner system 4-(5,11,1) whose automorphism group is M11
Examples cont. • a=4, b=3, c=1. Code the 8 cards as vectors in Z2 Z2 Z2. Let L be the 7 subgroups of order 4 and their complements