Limits on the security of coin flips when half the processors are faulty
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
A robust noncryptographic protocol for collective coin flipping
SIAM Journal on Discrete Mathematics
Coin-flipping games immune against linear-sized coalitions
SIAM Journal on Computing
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
Perfect information leader election in log* n + O(1) rounds
Journal of Computer and System Sciences
Noncryptographic Selection Protocols
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
A new protocol and lower bounds for quantum coin flipping
Journal of Computer and System Sciences - STOC 2001
Rational secret sharing and multiparty computation: extended abstract
STOC '04 Proceedings of the thirty-sixth annual ACM symposium on Theory of computing
Multiparty Quantum Coin Flipping
CCC '04 Proceedings of the 19th IEEE Annual Conference on Computational Complexity
On achieving the "best of both worlds" in secure multiparty computation
Proceedings of the thirty-ninth annual ACM symposium on Theory of computing
Complete fairness in secure two-party computation
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
One-way functions are essential for complexity based cryptography
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
Cryptography and game theory: designing protocols for exchanging information
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Basing cryptographic protocols on tamper-evident seals
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Rational secret sharing, revisited
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Protocols for multiparty coin toss with dishonest majority
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
On the black-box complexity of optimally-fair coin tossing
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Tight bounds for classical and quantum coin flipping
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Exploring the limits of common coins using frontier analysis of protocols
TCC'11 Proceedings of the 8th conference on Theory of cryptography
1/p-Secure multiparty computation without honest majority and the best of both worlds
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Complete Fairness in Secure Two-Party Computation
Journal of the ACM (JACM)
Leakage-resilient coin tossing
DISC'11 Proceedings of the 25th international conference on Distributed computing
Partial fairness in secure two-party computation
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient secure computation with garbled circuits
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Identifying cheaters without an honest majority
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Fair computation with rational players
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
We address one of the foundational problems in cryptography: the bias of coin-flipping protocols. Coin-flipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve [STOC '86] showed that for any two-party $r$-round coin-flipping protocol there exists an efficient adversary that can bias the output of the honest party by $\Omega(1/r)$. However, the best previously known protocol only guarantees $O(1/\sqrt{r})$ bias, and the question of whether Cleve's bound is tight has remained open for more than twenty years. In this paper we establish the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols. Under standard assumptions (the existence of oblivious transfer), we show that Cleve's lower bound is tight: we construct an $r$-round protocol with bias $O(1/r)$.