Almost-Optimally Fair Multiparty Coin-Tossing with Nearly Three-Quarters Malicious

  • Bar AlonEmail author
  • Eran Omri
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9985)


An \(\alpha \)-fair coin-tossing protocol allows a set of mutually distrustful parties to generate a uniform bit, such that no efficient adversary can bias the output bit by more than \(\alpha \). Cleve [STOC 1986] has shown that if half of the parties can be corrupted, then, no \(r\)-round coin-tossing protocol is \(o(1/r)\)-fair. For over two decades the best known m-party protocols, tolerating up to \({t}\ge m/2\) corrupted parties, were only \(O\left( {t}/\sqrt{r} \right) \)-fair. In a surprising result, Moran, Naor, and Segev [TCC 2009] constructed an \(r\)-round two-party \(O(1/r)\)-fair coin-tossing protocol, i.e., an optimally fair protocol. Beimel, Omri, and Orlov [Crypto 2010] extended the result of Moran et al. to the multiparty setting where strictly fewer than 2/3 of the parties are corrupted. They constructed a \(2^{2^k}/r\)-fair r-round m-party protocol, tolerating up to \(t=\frac{m+k}{2}\) corrupted parties.

Recently, in a breakthrough result, Haitner and Tsfadia [STOC 2014] constructed an \(O\left( \log ^3(r)/r \right) \)-fair (almost optimal) three-party coin-tossing protocol. Their work brought forth a combination of novel techniques for coping with the difficulties of constructing fair coin-tossing protocols. Still, the best coin-tossing protocols for the case where more than 2/3 of the parties may be corrupted (and even when \(t=2m/3\), where \(m>3\)) were \(\theta \left( 1/\sqrt{r} \right) \)-fair. We construct an \(O\left( \log ^3(r)/r \right) \)-fair m-party coin-tossing protocol, tolerating up to t corrupted parties, whenever m is constant and \(t<3m/4\).



We are grateful to Iftach Haitner and Amos Beimel for useful conversations.


  1. 1.
    Alon, B., Omri, E.: Almost-optimally fair multiparty coin-tossing with nearly three-quarters malicious (2016). Full version of this paper
  2. 2.
    Asharov, G.: Towards characterizing complete fairness in secure two-party computation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 291–316. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  3. 3.
    Asharov, G., Lindell, Y., Rabin, T.: A full characterization of functions that imply fair coin tossing and ramifications to fairness. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 243–262. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  4. 4.
    Asharov, G., Beimel, A., Makriyannis, N., Omri, E.: Complete characterization of fairness in secure two-party computation of Boolean functions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part I. LNCS, vol. 9014, pp. 199–228. Springer, Heidelberg (2015)Google Scholar
  5. 5.
    Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 137–156. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-70936-7_8 CrossRefGoogle Scholar
  6. 6.
    Averbuch, B., Blum, M., Chor, B., Goldwasser, S., Micali, S.: How to implement Bracha’s \({O}(\log n)\) Byzantine agreement algorithm (1985, Unpublished manuscript)Google Scholar
  7. 7.
    Beimel, A., Lindell, Y., Omri, E., Orlov, I.: 1/p-secure multiparty computation without honest majority and the best of both worlds. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 277–296. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Beimel, A., Omri, E., Orlov, I.: Protocols for multiparty coin toss with dishonest majority. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 538–557. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Proceedings of the 29th Annual Symposium on Foundations of Computer Science (FOCS), pp. 1–10 (1988)Google Scholar
  10. 10.
    Berman, I., Haitner, Tentes, A.: Coin flipping of any constant bias implies one-way functions. In: Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May - 03 June 2014, pp. 398–407 (2014)Google Scholar
  11. 11.
    Blum, M.: Coin flipping by telephone. In: Advances in Cryptology - CRYPTO 1981, pp. 11–15 (1981)Google Scholar
  12. 12.
    Blum, M.: Coin flipping by telephone a protocol for solving impossible problems. SIGACT News 15(1), 23–27 (1983)CrossRefzbMATHGoogle Scholar
  13. 13.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proceedings of the 18th Annual ACM Symposium on Theory of Computing (STOC), pp. 364–369 (1986)Google Scholar
  15. 15.
    Cleve, R., Impagliazzo, R.: Martingales, collective coin flipping and discrete control processes (1993, Manuscript)Google Scholar
  16. 16.
    Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the black-box complexity of optimally-fair coin tossing. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 450–467. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Dachman-Soled, D., Mahmoody, M., Malkin, T.: Can optimally-fair coin tossing be based on one-way functions? In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 217–239. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  18. 18.
    Goldreich, O.: Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press, New York (2009)Google Scholar
  19. 19.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC 19, pp. 218–229 (1987)Google Scholar
  20. 20.
    Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 157–176. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. J. Cryptol. 25(1), 14–40 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing (STOC), pp. 413–422 (2008)Google Scholar
  23. 23.
    Haitner, I., Omri, E.: Coin flipping with constant bias implies one-way functions. In: Proceedings of the 52nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 110–119 (2011)Google Scholar
  24. 24.
    Haitner, I., Tsfadia, E.: An almost-optimally fair three-party coin-flipping protocol. In: Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May - 03 June 2014, pp. 408–416 (2014).
  25. 25.
    Haitner, I., Nguyen, M., Ong, S.J., Reingold, O., Vadhan, S.: Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Ishai, Y., Ostrovsky, R., Zikas, V.: Secure multi-party computation with identifiable abort. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 369–386. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  27. 27.
    Katz, J.: On achieving the “best of both worlds” in secure multiparty computation. In: STOC07, pp. 11–20 (2007)Google Scholar
  28. 28.
    Maji, H.K., Prabhakaran, M., Sahai, A.: On the computational complexity of coin flipping. In: Proceedings of the 51st Annual Symposium on Foundations of Computer Science (FOCS), pp. 613–622 (2010)Google Scholar
  29. 29.
    Makriyannis, N.: On the classification of finite Boolean functions up to fairness. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 135–154. Springer, Heidelberg (2014)Google Scholar
  30. 30.
    Moran, T., Naor, M., Segev, G.: An optimally fair coin toss. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 1–18. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  31. 31.
    Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991). Preliminary version in CRYPTO 1989Google Scholar
  32. 32.
    Pass, R.: Bounded-concurrent secure multi-party computation with a dishonest majority. In: Proceedings of the 36th Annual ACM Symposium on Theory of Computing (STOC), pp. 232–241 (2004)Google Scholar
  33. 33.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Department of Computer ScienceAriel UniversityArielIsrael

Personalised recommendations