1

One-way protocols and One-way protocols and combinatorial designscombinatorial designs

Mike AtkinsonJoint work with

Michael Albert, Hans van Ditmarsch, Robert Aldred, Chris Handley

2

The planThe plan

• Description of problem

• Modelling the problem

• Solutions

3

The 2000 Moscow The 2000 Moscow Mathematical OlympiadMathematical Olympiad

• Players Alice, Bob, Crow draw cards from a 7 card deck. A receives 3 cards, B receives 3 cards, C receives 1 card

• How can A, in a single public announcement, tell B what her cards are without C learning a single card of A or B’s holding?

4

First thoughtsFirst thoughts

• A could make some very complex announcement (“I hold card 2 or card 4; if I hold card 3 I don’t hold card 5; if I hold any consecutive numbered cards then one is prime,….”)

• B, knowing his own cards, finds A’s announcement useful

• C, knowing only his card, can’t use it

5

PitfallsPitfalls

• Suppose A held 0,1,2; she could say “I hold 0,1,2 or 3,4,5”

• B would successfully learn A’s hand because only one of those possibilities can be consistent with his own hand

• But, for all A knows, C might hold 3 and then C could infer A’s holding (note: A would be safe if C held 6)

6

Second thoughtsSecond thoughts

• No matter how complex is A’s announcement it is tantamount to saying “My holding is one of the following …”

• A’s announcement must be effective for B and ineffective for C no matter what B and C hold

7

First solutionFirst solution

• A says “Modulo 7 my total is x”. – The 35 possible holdings for A come in 7 groups

of 5 corresponding to their sum mod 7– “Modulo 7 my total is 3” is tantamount to saying “I

hold 012, 136, 145, 235, or 046”

• B can now work out C’s card and therefore work out A’s holding

• C can only work out A’s sum modulo 7 and B’s sum modulo 7: he can’t work out any one card of A or B.

8

Second solutionSecond solution

• A could announce (supposing that she holds 0,1,2) “I hold one of 012,056,034,145,136,235,246”

• Exhaustive check. E.g. suppose B held 345 then he could deduce A holds 012 since all other possibilities intersect his own holding. But C (holding 6) can deduce only that A’s holding is one of 012,034,145,235 and no card of A is revealed.

9

Other solutionsOther solutions

• All solutions involve an announcement of 5 or 6 or 7 possible holdings

• More than 7 makes it too hard for B

• Less than 5 makes it too easy for C

10

Reveal as little as possibleReveal as little as possible

• If A wishes to reveal as little as possible she should choose to present 7 possible holdings rather than 5

• How are the “optimal” solutions found?

11

Structure of the solutionStructure of the solution 012,056,034,145,136,235,246012,056,034,145,136,235,246

• The 7 triples are the lines of the 7 point projective plane

65

43

2

0

1

12

The general problemThe general problem

• A holds a cards, B b cards, C c cards from a deck of v=a+b+c cards

• A must make one public announcement from which B can infer A’s holding but C cannot infer any card of either A or B

• For which a, b, c is this possible?• If it is possible, what are the most and least

informative announcements?• Find a suitable announcement!

13

Communication protocolsCommunication protocols

• A protocol is a series of messages by various parties to communicate information E.g. A might send a message to B, B might answer with another message, A might send yet another message,…. Eventually the required information is communicated.

• We are studying one-way protocols

14

The one-way restrictionThe one-way restriction

• Suppose a=2, b=4, c=1 (and v=7)• No one-way protocol is possible• There is a 2 message protocol:

– B first announces a number of possible holdings for himself that allows A to deduce B’s holding whereas C learns no card of either A or B

– A now knows C’s card and announces it; this tells C nothing further but allows B to infer A’s holding

15

The one-way restrictionThe one-way restriction

• Suppose a=2, b=4, c=1 (and v=7)• No one-way protocol is possible• There is a 2 message protocol:

– B (holding, say, 1236) could announce he holds one of 3456, 0156, 1245, 1236, 0134, 0235, 0246. A (holding, say, 05) could then infer B’s holding

– A now knows C’s card is 4 and announces it; B can now deduce that A holds 05

16

Combinatorial conditionsCombinatorial conditions

• A collection L of a-subsets of {0,1,..,v-1} is a one-way protocol if and only if– For all L1,L2 in L , |L1 L2| ≤ a-c-1

– For all c-sets X the set of members of L disjoint from X have empty intersection and their union contains every point not in X

17

Combinatorial problemsCombinatorial problems

• For given a,b,c find a suitable collection L of a-subsets of {0,1,…,v-1}.

• Find upper and lower bounds on the size of |L|.

• Find general constructions valid for a range of (a,b,c) values.

18

Bounds on |Bounds on |LL| |

• |L| ≤ • |L| ≥ v(c+1)/a• Some other bounds also known• Sometimes the bounds prove that no one-

way protocol exists• Occasionally, they pin down |L| uniquely

– e.g. if b=2, c=1 then |L| = (a+2)(a+3)/6

v!c!(v-a)!(v-b)!

19

General constructionGeneral construction

• Let be a set of a integers such that among the (non-zero) differences d1-d2 no value occurs more than e times.

• Let L be the set {i + |i = 0 … v-1} (arithmetic mod v)

• L realises the parameter set a,v-2a+e+1,a-e-1

20

ExamplesExamples

• Many one-way protocols seem to have no further combinatorial interest

• Those for which |L| is maximal are often more interesting– v = 13 (all the spades), a = 4, b = 7, c = 2, L is the

set of 13 lines of the 13 point projective plane– v = 11, a = 5, b = 5, c = 1, L is the set of 66 blocks

of the Steiner system 4-(5,11,1) whose automorphism group is M11

21

Examples cont.Examples cont.

– a=4, b=3, c=1. Code the 8 cards as vectors in Z2 Z2 Z2. Let L be the 7 subgroups of order 4 and their complements