I'm going through a Coursera cryptography class, and there appeared an interesting (and currently open) problem about extension of Diffie-Hellman protocol to multiple parties, while preserving the property of non-interactivity (i.e. no need for any exchange of information except the value $g^{a_{party}}$, which is a property of DH).
While I'm in no way a great mathematician, I decided I'd still try to think on this problem a bit. I have a feeling that the general construction is not secure, and try to build proof-by-contradiction for it.
Not going into details, I've broken down the problem to the following conditions:
We have some irreversible function $f(x)$ (i.e. for which a prototype $x$ can't be obtained from known $f(x)$) and a following function $F_f$:
\begin{align} \forall i,j \in [1,n], \; n \in \mathbf{N}, &\; n>2, \; a_i \in \mathbf{R}:\\ F_f(a_i,f(a_1),\ldots,f(a_{i-1}),f(a_{i+1}),\ldots,f(a_n)) &= F_f(a_j,f(a_1),\ldots,f(a_{j-1}),f(a_{j+1}),\ldots,f(a_n));\\ F_f(\ldots,f(a_i),f(a_j),\ldots) &= F_f(\ldots,f(a_j),f(a_i),\ldots) \end{align}
My question is: what can be inferred from such properties of function $F$? Can it be proven that given the $F_f$ we somehow can "break" the irreversibility of function $f$?
It's a completely open-ended question without a definite answer, I'm just looking for ideas.