How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
Limits on the security of coin flips when half the processors are faulty
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
Verifiable secret sharing and multiparty protocols with honest majority
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Bounded-concurrent secure multi-party computation with a dishonest majority
STOC '04 Proceedings of the thirty-sixth annual ACM symposium on Theory of computing
Coin flipping by telephone a protocol for solving impossible problems
ACM SIGACT News - A special issue on cryptography
On achieving the "best of both worlds" in secure multiparty computation
Proceedings of the thirty-ninth annual ACM symposium on Theory of computing
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Security against covert adversaries: efficient protocols for realistic adversaries
TCC'07 Proceedings of the 4th conference on Theory of cryptography
1/p-Secure multiparty computation without honest majority and the best of both worlds
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Complete Fairness in Secure Two-Party Computation
Journal of the ACM (JACM)
Efficient secure computation with garbled circuits
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Identifying cheaters without an honest majority
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Hi-index | 0.00 |
Coin-tossing protocols are protocols that generate a random bit with uniform distribution. These protocols are used as a building block in many cryptographic protocols. Cleve [STOC 1986] has shown that if at least half of the parties can be malicious, then, in any r-round coin-tossing protocol, the malicious parties can cause a bias of Ω(1/r) to the bit that the honest parties output. However, for more than two decades the best known protocols had bias t/√r, where t is the number of corrupted parties. Recently, in a surprising result, Moran, Naor, and Segev [TCC 2009] have shown that there is an r-round two-party coin-tossing protocol with the optimal bias of O(1/r). We extend Moran et al. results to the multiparty model when less than 2/3 of the parties are malicious. The bias of our protocol is proportional to 1/r and depends on the gap between the number of malicious parties and the number of honest parties in the protocol. Specifically, for a constant number of parties or when the number of malicious parties is somewhat larger than half, we present an r-round m-party coin-tossing protocol with optimal bias of O(1/r).