Limits on the security of coin flips when half the processors are faulty
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
Pseudo-random generation from one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Distributed pseudo-random bit generators—a new way to speed-up shared coin tossing
PODC '96 Proceedings of the fifteenth annual ACM symposium on Principles of distributed computing
Universally composable two-party and multi-party secure computation
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Universally Composable Commitments
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Multiparty Quantum Coin Flipping
CCC '04 Proceedings of the 19th IEEE Annual Conference on Computational Complexity
On fairness in simulatability-based cryptographic systems
Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Tight bounds for classical and quantum coin flipping
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Hi-index | 0.00 |
We consider the cryptographic two-party protocol task of extending a given coin toss. The goal is to generate n common random coins from a single use of an ideal functionality which gives m n common random coins to the parties. In the framework of Universal Composability we show the impossibility of securely extending a coin toss for statistical and perfect security. On the other hand, for computational security the existence of a protocol for coin toss extension depends on the number m of random coins which can be obtained “for free”. For the case of stand-alone security, i.e., a simulation based security definition without an environment, we present a novel protocol for unconditionally secure coin toss extension. The new protocol works for superlogarithmic m, which is optimal as we show the impossibility of statistically secure coin toss extension for smaller m. Combining our results with already known results, we obtain a (nearly) complete characterization under which circumstances coin toss extension is possible.