Assisted Common Information with Applications to Secure Two-Party Computation

Secure multi-party computation is a central problem in modern cryptography. An important sub-class of this are problems of the following form: Alice and Bob desire to produce sample(s) of a pair of jointly distributed random variables. Each party must learn nothing more about the other party’s output than what its own output reveals. To aid in this, they have available a set up - correlated random variables whose distribution is different from the desired distribution - as well as unlimited noiseless communication. In this paper we present an upperbound on how efficiently a given set up can be used to produce samples from a desired distribution. The key tool we develop is a generalization of the concept of common information of two dependent random variables [Gacs-Korner, 1973]. Our generalization - a three-dimensional region - remedies some of the limitations of the original definition which captured only a limited form of dependence. It also includes as a special case Wyner’s common information [Wyner, 1975]. To derive the cryptographic bounds, we rely on a monotonicity property of this region: the region of the “views” of Alice and Bob engaged in any protocol can only monotonically expand and not shrink. Thus, by comparing the regions for the target random variables and the given random variables, we obtain our upperbound.

💡 Research Summary

The paper tackles a fundamental problem in secure multi‑party computation (SMPC): two parties, Alice and Bob, wish to jointly sample a pair of random variables (U,V) with a prescribed joint distribution while learning nothing about the other party’s output beyond what is implied by their own. They are equipped with unlimited noiseless communication and a pre‑shared correlated random source (X̂ , Ŷ ) whose distribution may differ from that of (U,V). The central question is how efficiently a given “setup” (the shared source) can be transformed into the desired distribution.

To answer this, the authors first observe that the classical notion of common information introduced by Gács and Körner (1973) captures only a very restrictive form of dependence—essentially deterministic common parts. Wyner’s common information (1975) relaxes this by allowing a stochastic common part but still reduces the dependence to a single scalar quantity. Both notions are insufficient when the relationship between two variables involves multiple layers of correlation (e.g., a mixture of deterministic and stochastic components).

The authors therefore propose a three‑dimensional “Assisted Common Information Region” (ACIR). A triple (R₁,R₂,R₀) belongs to the region of a pair (U,V) if there exists an auxiliary random variable Q such that:

• H(U|Q) ≤ R₁,
• H(V|Q) ≤ R₂,
• I(U;V|Q) ≤ R₀. Intuitively, R₁ and R₂ quantify the extra private randomness each party must inject beyond the common part Q, while R₀ measures the amount of common randomness that can be extracted from Q. When R₁=R₂=0 the region collapses to the Gács‑Körner common information; when only R₀ is minimized it coincides with Wyner’s definition. Thus ACIR unifies and extends the two classic concepts.

A key technical contribution is the monotonicity property of ACIR under protocol execution. The “view” of each party after any number of communication rounds consists of its local input, the shared source, all exchanged messages, and any locally generated randomness. The authors prove that the ACIR of the view pair (W_A ,W_B ) always contains the ACIR of the original shared source (X̂ ,Ŷ ). In other words, as the protocol proceeds the region can only expand; it never shrinks. This monotonicity yields a necessary condition for feasibility: the target distribution’s region must be a subset of the setup’s region, i.e., C_{U,V} ⊆ C_{X̂ ,Ŷ }.

From this inclusion the authors derive an explicit upper bound on the efficiency of any protocol that transforms (X̂ ,Ŷ ) into (U,V). The bound is expressed in terms of the differences between the corresponding R‑coordinates. Roughly speaking, the amount of communication required, the extra private randomness each party must generate, and the amount of common randomness that can be distilled are all lower‑bounded by the gaps between the two regions. The bound is information‑theoretic; it holds regardless of computational assumptions.

The paper illustrates the power of the bound with several canonical examples. In the “bit‑exchange” problem, where each party wishes to learn the other’s bit but nothing else, the Gács‑Körner common information would suggest zero common bits are needed, which is clearly false. The ACIR correctly predicts a non‑zero R₀, reflecting the unavoidable need for a shared secret. In a more complex “non‑linear function sampling” scenario, the authors compute the ACIR for both the setup and the target distribution and show that the derived bound is strictly tighter than any bound obtainable from Wyner’s common information alone.

Beyond these examples, the authors discuss broader implications. Because ACIR is defined via simple entropy constraints, it can be computed (or approximated) for many practical distributions using standard convex‑optimization techniques. The monotonicity property also extends to multi‑round protocols, making ACIR a versatile tool for analyzing layered or compositional secure computations. Moreover, the framework suggests a systematic way to design optimal setups: given a target distribution, one can search for a shared source whose ACIR just contains the target’s region, thereby minimizing the required communication and randomness overhead.

In conclusion, the paper introduces a robust, three‑dimensional generalization of common information that captures nuanced dependence structures between random variables. By proving that this region can only expand under protocol interaction, the authors obtain a clean, universally applicable upper bound on how efficiently a given correlated source can be leveraged to implement any desired joint distribution in a secure two‑party setting. This contribution not only refines our theoretical understanding of information‑theoretic limits in SMPC but also provides a practical analytical tool for the design and evaluation of secure computation protocols.