On the Capacity of Secure Distributed Matrix Multiplication

Matrix multiplication is one of the key operations in various engineering applications. Outsourcing large-scale matrix multiplication tasks to multiple distributed servers or cloud is desirable to speed up computation. However, security becomes an issue when these servers are untrustworthy. In this paper, we study the problem of secure distributed matrix multiplication from distributed untrustworthy servers. This problem falls in the category of secure function computation and has received significant attention in the cryptography community. However, the fundamental limits of information-theoretically secure matrix multiplication remain an open problem. We focus on information-theoretically secure distributed matrix multiplication with the goal of characterizing the minimum communication overhead. The capacity of secure matrix multiplication is defined as the maximum possible ratio of the desired information and the total communication received from $N$ distributed servers. In particular, we study the following two models where we want to multiply two matrices $A\in\mathbb{F}^{m\times n}$ and $B\in\mathbb{F}^{n\times p}$: $(a)$ one-sided secure matrix multiplication with $\ell$ colluding servers, in which $B$ is a public matrix available at all servers and $A$ is a private matrix. $(b)$ fully secure matrix multiplication with $\ell$ colluding servers, in which both $A$ and $B$ are private matrices. The goal is to securely multiply $A$ and $B$ when any $\ell$ servers can collude. For model $(a)$, we characterize the capacity as $C_{\text{one-sided}}^{(\ell)}=(N-\ell)/N$ by providing a secure matrix multiplication scheme and a matching converse. For model $(b)$, we propose a novel scheme that lower bounds the capacity, i.e., $C_{\text{fully}}^{(\ell)}\geq (\lceil \sqrt{N}-\ell \rceil)^2/(\lceil \sqrt{N}-\ell \rceil+\ell)^2$.