
An Almost-Optimally Fair Three-Party Coin-Flipping Protocol

Published: 01 January 2017

Abstract

In a multiparty fair coin-flipping protocol, the parties output a common (close to) unbiased bit, even when some corrupted parties try to bias the output. Cleve [in Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 1986, pp. 364--369] has shown that in the case of dishonest majority (i.e., at least half of the parties can be corrupted), in any $m$-round coin-flipping protocol the corrupted parties can bias the honest parties' common output bit by $\Omega(\frac 1{m})$. For more than two decades the best known coin-flipping protocols against dishonest majority had bias $\Theta(\frac {\ell}{\sqrt{m}})$, where $\ell$ is the number of corrupted parties. This was changed by a recent breakthrough result of Moran, Naor, and Segev [in Theory of Cryptography, Lecture Notes in Comput. Sci. 5444, Springer, Berlin, 2009, pp. 1--18], who constructed an $m$-round, two-party coin-flipping protocol with optimal bias $\Theta(\frac 1 m)$. In a subsequent work, Beimel, Omri, and Orlov [in Proceedings of the 22nd Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 1990, pp. 503--513] extended this result to the multiparty case in which less than $\frac23$ of the parties can be corrupted. Still, for the case of $\frac23$ (or more) corrupted parties, the best known protocol had bias $\Theta(\frac {\ell}{\sqrt{m}})$. In particular, this was the state of affairs for the natural three-party case. We take a step toward eliminating the above gap, presenting an $m$-round, three-party coin-flipping protocol, with bias $\frac{O(\log^3 m)}m$. Our approach (which we also apply to the two-party case) does not follow the “threshold round” paradigm used in the work of Moran, Naor, and Segev and Beimel, Omri, and Orlov but rather is a variation of the majority protocol of Cleve used to obtain the aforementioned $\Theta(\frac {\ell}{\sqrt{m}})$-bias protocol.

References

[1] M. Abramowitz and I. A. Stegun, eds., Handbook of Mathematical Functions, Dover, New York, 1964.
[2] D. Aharonov, A. Ta-Shma, U. Vazirani, and A. C. Yao, Quantum bit escrow, in Proceedings of the 32nd ACM Symposium on Theory of Computing (STOC), ACM, New York, 2000, pp. 705--714.
[3] W. Aiello, Y. Ishai, and O. Reingold, Priced oblivious transfer: How to sell digital goods, in Advances in Cryptology---EUROCRYPT 2001, Springer, New York, 2001, pp. 119--135.
[4] N. Alon and M. Naor, Coin-flipping games immune against linear-sized coalitions, SIAM J. Comput., 22 (1993), pp. 403--417, https://doi.org/10.1137/0222030.
[5] A. Ambainis, A new protocol and lower bounds for quantum coin flipping, J. Comput. Syst. Sci., 68 (2004), pp. 398--416.
[6] A. Ambainis, H. Buhrman, Y. Dodis, and H. Röhrig, Multiparty quantum coin flipping, in Proceedings of the 18th Annual IEEE Conference on Computational Complexity, IEEE, Washington, DC, 2004, pp. 250--259.
[7] G. Asharov, Towards characterizing complete fairness in secure two-party computation, in Theory of Cryptography---Proceedings of the 11th Theory of Cryptography Conference (TCC) (San Diego, CA), Springer, New York, 2014, pp. 291--316, https://doi.org/10.1007/978-3-642-54242-8_13.
[8] G. Asharov, A. Beimel, N. Makriyannis, and E. Omri, Complete characterization of fairness in secure two-party computation of boolean functions, in Theory of Cryptography---Proceedings of the 12th Theory of Cryptography Conference (TCC) (Warsaw, Poland), Part I, Springer, New York, 2015, pp. 199--228.
[9] D. Beaver, S. Micali, and P. Rogaway, The round complexity of secure protocols, in Proceedings of the 22nd Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 1990, pp. 503--513.
[10] A. Beimel, E. Omri, and I. Orlov, Protocols for multiparty coin toss with dishonest majority, in Advances in Cryptology---CRYPTO 2010, Lecture Notes in Comput. Sci. 6223, Springer, New York, 2010, pp. 538--557.
[11] A. Beimel, Y. Lindell, E. Omri, and I. Orlov, $1/p$-secure multiparty computation without honest majority and the best of both worlds, in Advances in Cryptology---CRYPTO 2011, Springer, New York, 2011, pp. 277--296.
[12] M. Ben-Or and N. Linial, Collective coin flipping, in Advances in Computing Research, Adv. Comput. Res. 5, JAI Press, Greenwich, CT, 1989, pp. 499--507.
[13] M. Ben-Or, S. Goldwasser, and A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation, in Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 1988, pp. 1--10.
[14] I. Berman, I. Haitner, and A. Tentes, Coin flipping of any constant bias implies one-way functions, in Proceedings of the 46th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 2014, pp. 817--836.
[15] M. Blum, How to exchange (secret) keys, ACM Trans. Comput. Syst., 1 (1983), pp. 175--193.
[16] R. Canetti, Security and composition of multiparty cryptographic protocols, J. Cryptology, 13 (2000), pp. 143--202.
[17] R. Cleve, Limits on the security of coin flips when half the processors are faulty, in Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 1986, pp. 364--369.
[18] R. Cleve and R. Impagliazzo, Martingales, Collective Coin Flipping and Discrete Control Processes, manuscript, https://pdfs.semanticscholar.org/7c7f/244d2ef064d75b3d23c88472ee1226461695.pdf, 1993.
[19] R. Cohen, I. Haitner, E. Omri, and L. Rotem, Characterization of secure multiparty computation without broadcast, in Theory of Cryptography 2016, Springer, New York, 2016, pp. 596--616.
[20] D. Dachman-Soled, Y. Lindell, M. Mahmoody, and T. Malkin, On the black-box complexity of optimally-fair coin tossing, in Proceedings of the 8th Theory of Cryptography Conference (TCC), Lecture Notes in Comput. Sci. 6597, Springer, New York, 2011, pp. 450--467.
[21] S. Even, O. Goldreich, and A. Lempel, A randomized protocol for signing contracts, Comm. ACM, 28 (1985), pp. 637--647.
[22] U. Feige, Noncryptographic selection protocols, in Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, Washington, DC, 1999, p. 142.
[23] C. Gentry, C. Peikert, and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in Proceedings of the 40th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 2008, pp. 197--206.
[24] O. Goldreich, Foundations of Cryptography---Volume 2: Basic Applications, Cambridge University Press, Cambridge, UK, 2004.
[25] O. Goldreich, S. Micali, and A. Wigderson, How to play any mental game or a completeness theorem for protocols with honest majority, in Proceedings of the 19th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 1987, pp. 218--229.
[26] O. Goldreich, S. Micali, and A. Wigderson, Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems, J. ACM, 38 (1991), pp. 691--729.
[27] S. D. Gordon and J. Katz, Partial fairness in secure two-party computation, in Advances in Cryptology---EUROCRYPT 2010, Springer, New York, 2010, pp. 157--176.
[28] S. D. Gordon, C. Hazay, J. Katz, and Y. Lindell, Complete fairness in secure two-party computation, in Proceedings of the 38th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 2008, pp. 413--422.
[29] S. D. Gordon, C. Hazay, J. Katz, and Y. Lindell, Complete fairness in secure two-party computation, J. ACM, 58 (2011), 24.
[30] I. Haitner, Implementing oblivious transfer using collection of dense trapdoor permutations, in Proceedings of the First Theory of Cryptography Conference, TCC 2004, Springer, New York, 2004, pp. 394--409.
[31] I. Haitner and E. Omri, Coin flipping with constant bias implies one-way functions, in Proceedings of the 52nd Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, Washington, DC, 2011, pp. 110--119.
[32] I. Haitner and E. Tsfadia, An almost-optimally fair three-party coin-flipping protocol, in Proceedings of the 46th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 2014, pp. 817--836.
[33] I. Haitner, M.-H. Nguyen, S. J. Ong, O. Reingold, and S. Vadhan, Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function, SIAM J. Comput., 39 (2009), pp. 1153--1218, https://doi.org/10.1137/080725404.
[34] W. Hoeffding, Probability inequalities for sums of bounded random variables, J. Amer. Statist. Assoc., 58 (1963), pp. 13--30.
[35] R. Impagliazzo and M. Luby, One-way functions are essential for complexity based cryptography, in Proceedings of the 30th Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, Washington, DC, 1989, pp. 230--235.
[36] Y. Kalai, Smooth projective hashing and two-message oblivious transfer, in Advances in Cryptology---EUROCRYPT 2005, Springer, New York, 2005, pp. 78--95.
[37] J. Katz, On achieving the “best of both worlds” in secure multiparty computation, in Proceedings of the 37th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, 2007, pp. 11--20.
[38] H. K. Maji, M. Prabhakaran, and A. Sahai, On the computational complexity of coin flipping, in Proceedings of the 51st Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, Washington, DC, 2010, pp. 613--622.
[39] T. Moran and M. Naor, Basing cryptographic protocols on tamper-evident seals, in ICALP: Annual International Colloquium on Automata, Languages and Programming, Lecture Notes in Comput. Sci. 3580, Springer, Berlin, 2005, pp. 285--297.
[40] T. Moran, M. Naor, and G. Segev, An optimally fair coin toss, in Theory of Cryptography, 6th Theory of Cryptography Conference, TCC 2009, Lecture Notes in Comput. Sci. 5444, Springer, Berlin, 2009, pp. 1--18.
[41] M. Naor, Bit commitment using pseudorandomness, J. Cryptology, 1991, pp. 151--158.
[42] M. Naor and B. Pinkas, Efficient oblivious transfer protocols, in Proceedings of SODA, ACM, New York, SIAM, Philadelphia, 2001, pp. 448--457.
[43] A. Russell and D. Zuckerman, Perfect information leader election in $\log^{*} n + O(1)$ rounds, in Proceedings of the 39th Annual IEEE Symposium on Foundations of Computer Science (FOCS), IEEE, Washington, DC, 1999, pp. 576--583.
[44] M. Saks, A robust noncryptographic protocol for collective coin flipping, SIAM J. Discrete Math., 2 (1989), pp. 240--244, https://doi.org/10.1137/0402020.
[45] M. Scala, Hypergeometric Tail Inequalities: Ending the Insanity, preprint, https://arxiv.org/abs/1311.5939, 2009.

Published In

SIAM Journal on Computing  Volume 46, Issue 2
DOI:10.1137/smjcat.46.2

Publisher

Society for Industrial and Applied Mathematics

United States

Author Tags

  1. protocols
  2. coin-flipping
  3. fair computation

MSC Codes

  1. 68Q01
  2. 94A60

Qualifiers

  • Research-article

Cited By

  • (2024) Secure Multiparty Computation with Identifiable Abort via Vindicating Release, Advances in Cryptology – CRYPTO 2024, 10.1007/978-3-031-68397-8_2 (36-73). Online publication date: 18-Aug-2024
  • (2023) On the Power of an Honest Majority in Three-Party Computation Without Broadcast, Journal of Cryptology, 10.1007/s00145-023-09456-4, 36:3. Online publication date: 7-Jun-2023
  • (2022) Byzantine agreement in polynomial time with near-optimal resilience, Proceedings of the 54th Annual ACM SIGACT Symposium on Theory of Computing, 10.1145/3519935.3520015 (502-514). Online publication date: 9-Jun-2022
  • (2020) On the Power of an Honest Majority in Three-Party Computation Without Broadcast, Theory of Cryptography, 10.1007/978-3-030-64378-2_22 (621-651). Online publication date: 16-Nov-2020
