Almost-Optimally Fair Multiparty Coin-Tossing with Nearly Three-Quarters Malicious

Conference paper

DOI: 10.1007/978-3-662-53641-4_13

Volume 9985 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Alon B., Omri E. (2016) Almost-Optimally Fair Multiparty Coin-Tossing with Nearly Three-Quarters Malicious. In: Hirt M., Smith A. (eds) Theory of Cryptography. TCC 2016. Lecture Notes in Computer Science, vol 9985. Springer, Berlin, Heidelberg


An \(\alpha \)-fair coin-tossing protocol allows a set of mutually distrustful parties to generate a uniform bit, such that no efficient adversary can bias the output bit by more than \(\alpha \). Cleve [STOC 1986] has shown that if half of the parties can be corrupted, then, no \(r\)-round coin-tossing protocol is \(o(1/r)\)-fair. For over two decades the best known m-party protocols, tolerating up to \({t}\ge m/2\) corrupted parties, were only \(O\left( {t}/\sqrt{r} \right) \)-fair. In a surprising result, Moran, Naor, and Segev [TCC 2009] constructed an \(r\)-round two-party \(O(1/r)\)-fair coin-tossing protocol, i.e., an optimally fair protocol. Beimel, Omri, and Orlov [Crypto 2010] extended the result of Moran et al. to the multiparty setting where strictly fewer than 2/3 of the parties are corrupted. They constructed a \(2^{2^k}/r\)-fair r-round m-party protocol, tolerating up to \(t=\frac{m+k}{2}\) corrupted parties.

Recently, in a breakthrough result, Haitner and Tsfadia [STOC 2014] constructed an \(O\left( \log ^3(r)/r \right) \)-fair (almost optimal) three-party coin-tossing protocol. Their work brought forth a combination of novel techniques for coping with the difficulties of constructing fair coin-tossing protocols. Still, the best coin-tossing protocols for the case where more than 2/3 of the parties may be corrupted (and even when \(t=2m/3\), where \(m>3\)) were \(\theta \left( 1/\sqrt{r} \right) \)-fair. We construct an \(O\left( \log ^3(r)/r \right) \)-fair m-party coin-tossing protocol, tolerating up to t corrupted parties, whenever m is constant and \(t<3m/4\).

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Department of Computer ScienceAriel UniversityArielIsrael