Estimating Gaps in Martingales and Applications to Coin-Tossing: Constructions and Hardness

  • Hamidreza Amini KhorasganiEmail author
  • Hemanta K. Maji
  • Tamalika Mukherjee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11892)


Consider the representative task of designing a distributed coin-tossing protocol for n processors such that the probability of heads is \(X_0\in [0,1]\). This protocol should be robust to an adversary who can reset one processor to change the distribution of the final outcome. For \(X_0=1/2\), in the information-theoretic setting, no adversary can deviate the probability of the outcome of the well-known Blum’s “majority protocol” by more than \(\frac{1}{\sqrt{2\pi n}}\), i.e., it is \(\frac{1}{\sqrt{2\pi n}}\) insecure.

In this paper, we study discrete-time martingales \((X_0,X_1,\dotsc ,X_n)\) such that \(X_i\in [0,1]\), for all \(i\in \{0,\dotsc ,n\}\), and \(X_n\in {\{0,1\}} \). These martingales are commonplace in modeling stochastic processes like coin-tossing protocols in the information-theoretic setting mentioned above. In particular, for any \(X_0\in [0,1]\), we construct martingales that yield \(\frac{1}{2}\sqrt{\frac{X_0(1-X_0)}{n}}\) insecure coin-tossing protocols. For \(X_0=1/2\), our protocol requires only 40% of the processors to achieve the same security as the majority protocol.

The technical heart of our paper is a new inductive technique that uses geometric transformations to precisely account for the large gaps in these martingales. For any \(X_0\in [0,1]\), we show that there exists a stopping time \(\tau \) such that The inductive technique simultaneously constructs martingales that demonstrate the optimality of our bound, i.e., a martingale where the gap corresponding to any stopping time is small. In particular, we construct optimal martingales such that any stopping time \(\tau \) has Our lower-bound holds for all \(X_0\in [0,1]\); while the previous bound of Cleve and Impagliazzo (1993) exists only for positive constant \(X_0\). Conceptually, our approach only employs elementary techniques to analyze these martingales and entirely circumvents the complex probabilistic tools inherent to the approaches of Cleve and Impagliazzo (1993) and Beimel, Haitner, Makriyannis, and Omri (2018).

By appropriately restricting the set of possible stopping-times, we present representative applications to constructing distributed coin-tossing/dice-rolling protocols, discrete control processes, fail-stop attacking coin-tossing/dice-rolling protocols, and black-box separations.

Supplementary material


  1. 1.
    Alon, B., Omri, E.: Almost-optimally fair multiparty coin-tossing with nearly three-quarters malicious. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 307–335. Springer, Heidelberg (2016). Scholar
  2. 2.
    Asharov, G.: Towards characterizing complete fairness in secure two-party computation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 291–316. Springer, Heidelberg (2014). Scholar
  3. 3.
    Asharov, G., Beimel, A., Makriyannis, N., Omri, E.: Complete characterization of fairness in secure two-party computation of boolean functions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 199–228. Springer, Heidelberg (2015). Scholar
  4. 4.
    Asharov, G., Lindell, Y., Rabin, T.: A full characterization of functions that imply fair coin tossing and ramifications to fairness. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 243–262. Springer, Heidelberg (2013). Scholar
  5. 5.
    Awerbuch, B., Blum, M., Chor, B., Goldwasser, S., Micali, S.: How to implement Bracha’s O(log n) byzantine agreement algorithm. Unpublished manuscript (1985)Google Scholar
  6. 6.
    Azuma, K.: Weighted sums of certain dependent random variables. Tohoku Math. J. (2) 19(3), 357–367 (1967). Scholar
  7. 7.
    Beimel, A., Haitner, I., Makriyannis, N., Omri, E.: Tighter bounds on multi-party coin flipping via augmented weak martingales and differentially private sampling. In: 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS), pp. 838–849. IEEE (2018)Google Scholar
  8. 8.
    Beimel, A., Lindell, Y., Omri, E., Orlov, I.: 1/p-secure multiparty computation without honest majority and the best of both worlds. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 277–296. Springer, Heidelberg (2011). Scholar
  9. 9.
    Beimel, A., Omri, E., Orlov, I.: Protocols for multiparty coin toss with dishonest majority. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 538–557. Springer, Heidelberg (2010). Scholar
  10. 10.
    Blum, M.: How to exchange (secret) keys (extended abstract). In: 15th Annual ACM Symposium on Theory of Computing, Boston, MA, USA, 25–27 April 1983, pp. 440–447. ACM Press (1983).
  11. 11.
    Bosley, C., Dodis, Y.: Does privacy require true randomness? In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 1–20. Springer, Heidelberg (2007). Scholar
  12. 12.
    Buchbinder, N., Haitner, I., Levi, N., Tsfadia, E.: Fair coin flipping: tighter analysis and the many-party case. In: Klein, P.N. (ed.) 28th Annual ACM-SIAM Symposium on Discrete Algorithms, Barcelona, Spain, 16–19 January 2017, pp. 2580–2600. ACM-SIAM (2017).
  13. 13.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: 18th Annual ACM Symposium on Theory of Computing, Berkeley, CA, USA, 28–30 May 1986, pp. 364–369. ACM Press (1986).
  14. 14.
    Cleve, R., Impagliazzo, R.: Martingales, collective coin flipping and discrete control processes (extended abstract) (1993)Google Scholar
  15. 15.
    Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the black-box complexity of optimally-fair coin tossing. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 450–467. Springer, Heidelberg (2011). Scholar
  16. 16.
    Dachman-Soled, D., Mahmoody, M., Malkin, T.: Can optimally-fair coin tossing be based on one-way functions? In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 217–239. Springer, Heidelberg (2014). Scholar
  17. 17.
    Dodis, Y., Ong, S.J., Prabhakaran, M., Sahai, A.: On the (im)possibility of cryptography with imperfect randomness. In: 45th Annual Symposium on Foundations of Computer Science, Rome, Italy, 17–19 October 2004, pp. 196–205. IEEE Computer Society Press (2004).
  18. 18.
    Dodis, Y., Pietrzak, K., Przydatek, B.: Separating sources for encryption and secret sharing. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 601–616. Springer, Heidelberg (2006). Scholar
  19. 19.
    Dodis, Y., Spencer, J.: On the (non)universality of the one-time pad. In: 43rd Annual Symposium on Foundations of Computer Science, Vancouver, BC, Canada, 16–19 November 2002, pp. 376–387. IEEE Computer Society Press (2002).
  20. 20.
    Goldwasser, S., Kalai, Y.T., Park, S.: Adaptively secure coin-flipping, revisited. In: Halldórsson, M.M., Iwama, K., Kobayashi, N., Speckmann, B. (eds.) ICALP 2015. LNCS, vol. 9135, pp. 663–674. Springer, Heidelberg (2015). Scholar
  21. 21.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. In: Ladner, R.E., Dwork, C. (eds.) 40th Annual ACM Symposium on Theory of Computing, Victoria, BC, Canada, 17–20 May 2008, pp. 413–422. ACM Press (2008).
  22. 22.
    Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 157–176. Springer, Heidelberg (2010). Scholar
  23. 23.
    Haitner, I., Omri, E., Zarosim, H.: Limits on the usefulness of random oracles. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 437–456. Springer, Heidelberg (2013). Scholar
  24. 24.
    Haitner, I., Tsfadia, E.: An almost-optimally fair three-party coin-flipping protocol. In: Shmoys, D.B. (ed.) 46th Annual ACM Symposium on Theory of Computing, New York, NY, USA, 31 May–3 June 2014, pp. 408–416. ACM Press (2014).
  25. 25.
    Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58(301), 13–30 (1963). Scholar
  26. 26.
    Kenyon, C., Rabani, Y., Sinclair, A.: Biased random walks, Lyapunov functions, and stochastic analysis of best fit bin packing (preliminary version). In: Tardos, É. (ed.) 7th Annual ACM-SIAM Symposium on Discrete Algorithms, Atlanta, Georgia, USA, 28–30 January 1996, pp. 351–358. ACM-SIAM (1996)Google Scholar
  27. 27.
    Khorasgani, H.A., Maji, H., Mukherjee, T.: Estimating gaps in martingales and applications to coin-tossing: constructions and hardness. Cryptology ePrint Archive, Report 2019/774 (2019).
  28. 28.
    Lichtenstein, D., Linial, N., Saks, M.: Some extremal problems arising from discrete control processes. Combinatorica 9(3), 269–287 (1989)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Makriyannis, N.: On the classification of finite boolean functions up to fairness. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 135–154. Springer, Cham (2014). Scholar
  30. 30.
    Moran, T., Naor, M., Segev, G.: An optimally fair coin toss. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 1–18. Springer, Heidelberg (2009). Scholar
  31. 31.
    Nisan, N.: Extracting randomness: how and why-a survey. In: CCC, p. 44. IEEE (1996)Google Scholar
  32. 32.
    Nisan, N., Ta-Shma, A.: Extracting randomness: a survey and new constructions. J. Comput. Syst. Sci. 58(1), 148–173 (1999)MathSciNetCrossRefGoogle Scholar
  33. 33.
    Srinivasan, A., Zuckerman, D.: Computing with very weak random sources. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 20–22 November 1994, pp. 264–275. IEEE Computer Society Press (1994).
  34. 34.
    Trevisan, L., Vadhan, S.P.: Extracting randomness from samplable distributions. In: 41st Annual Symposium on Foundations of Computer Science, Redondo Beach, CA, USA, 12–14 November 2000, pp. 32–42. IEEE Computer Society Press (2000).
  35. 35.
    Zuckerman, D.: Simulating BPP using a general weak random source. Algorithmica 16(4–5), 367–391 (1996)MathSciNetCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Hamidreza Amini Khorasgani
    • 1
    Email author
  • Hemanta K. Maji
    • 1
  • Tamalika Mukherjee
    • 1
  1. 1.Department of Computer SciencePurdue UniversityWest LafayetteUSA

Personalised recommendations