Abstract
We address one of the foundational problems in cryptography: the bias of coin-flipping protocols. Coin-flipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve [STOC ’86] showed that for any two-party \(r\)-round coin-flipping protocol there exists an efficient adversary that can bias the output of the honest party by \(\Omega(1/r)\). However, the best previously known protocol only guarantees \(O(1/\sqrt{r})\) bias, and the question of whether Cleve’s bound is tight has remained open for more than twenty years.
In this paper we establish the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols. Under standard assumptions (the existence of oblivious transfer), we show that Cleve’s lower bound is tight: we construct an \(r\)-round protocol with bias \(O(1/r)\).
Keywords
- Security Parameter
- Message Authentication Code
- Oblivious Transfer
- Honest Party
- Corrupted Party
These keywords were added by machine and not by the authors.
The original version of the book was revised: The copyright line was incorrect. The Erratum to the book is available at DOI: 10.1007/978-3-642-00457-5_36
References
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing, pp. 1–10 (1988)
Blum, M.: Coin flipping by telephone - A protocol for solving impossible problems. In: Proceedings of the 25th IEEE Computer Society International Conference, pp. 133–137 (1982)
Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)
Naor, M.: Bit commitment using pseudorandomness. Journal of Cryptology 4(2), 151–158 (1991)
Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography. In: Proceedings of the 30th Annual IEEE Symposium on Foundations of Computer Science, pp. 230–235 (1989)
Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proceedings of the 18th Annual ACM Symposium on Theory of Computing, pp. 364–369 (1986)
Awerbuch, B., Blum, M., Chor, B., Goldwasser, S., Micali, S.: How to implement Bracha’s O(log n) Byzantine agreement algorithm (manuscript, 1985)
Goldreich, O.: Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)
Katz, J.: On achieving the “best of both worlds” in secure multiparty computation. In: Proceedings of the 39th Annual ACM Symposium on Theory of Computing, pp. 11–20 (2007)
Gordon, D., Katz, J.: Partial fairness in secure two-party computation. Cryptology ePrint Archive, Report 2008/206 (2008)
Cleve, R., Impagliazzo, R.: Martingales, collective coin flipping and discrete control processes (1993), http://www.cpsc.ucalgary.ca/~cleve/pubs/martingales.ps
Alon, N., Naor, M.: Coin-flipping games immune against linear-sized coalitions. SIAM Journal on Computing 22(2), 403–417 (1993)
Ben-Or, M., Linial, N.: Collective coin flipping. Advances in Computing Research: Randomness and Computation 5, 91–115 (1989)
Feige, U.: Noncryptographic selection protocols. In: Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science, pp. 142–153 (1999)
Russell, A., Zuckerman, D.: Perfect information leader election in log* n + O(1) rounds. Journal of Computer and System Sciences 63(4), 612–626 (2001)
Saks, M.: A robust noncryptographic protocol for collective coin flipping. SIAM Journal on Discrete Mathematics 2(2), 240–244 (1989)
Aharonov, D., Ta-Shma, A., Vazirani, U.V., Yao, A.C.: Quantum bit escrow. In: Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, pp. 705–714 (2000)
Ambainis, A.: A new protocol and lower bounds for quantum coin flipping. Journal of Computer and System Sciences 68(2), 398–416 (2004)
Ambainis, A., Buhrman, H., Dodis, Y., Rohrig, H.: Multiparty quantum coin flipping. In: Proceedings of the 19th Annual IEEE Conference on Computational Complexity, pp. 250–259 (2004)
Moran, T., Naor, M.: Basing cryptographic protocols on tamper-evident seals. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 285–297. Springer, Heidelberg (2005)
Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, pp. 413–422 (2008)
Halpern, J.Y., Teague, V.: Rational secret sharing and multiparty computation. In: Proceedings of the 36th Annual ACM Symposium on Theory of Computing, pp. 623–632 (2004)
Gordon, S.D., Katz, J.: Rational secret sharing, revisited. In: Proceedings of the 5th International Conference on Security and Cryptography for Networks, pp. 229–241 (2006)
Kol, G., Naor, M.: Cryptography and game theory: Designing protocols for exchanging information. In: Proceedings of the 5th Theory of Cryptography Conference, pp. 320–339 (2008)
Canetti, R.: Security and composition of multiparty cryptographic protocols. Journal of Cryptology 13(1), 143–202 (2000)
Wegman, M.N., Carter, L.: New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences 22(3), 265–279 (1981)
Lindell, Y.: Parallel coin-tossing and constant-round secure two-party computation. Journal of Cryptology 16(3), 143–184 (2003)
Bellare, M., Rogaway, P.: Code-based game-playing proofs and the security of triple encryption. Cryptology ePrint Archive, Report 2004/331 (2004), http://eprint.iacr.org/2004/331.pdf
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Moran, T., Naor, M., Segev, G. (2009). An Optimally Fair Coin Toss. In: Reingold, O. (eds) Theory of Cryptography. TCC 2009. Lecture Notes in Computer Science, vol 5444. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00457-5_1
DOI: https://doi.org/10.1007/978-3-642-00457-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00456-8
Online ISBN: 978-3-642-00457-5
eBook Packages: Computer Science, Computer Science (R0)