TY - GEN
T1 - Protocols for multiparty coin toss with dishonest majority
AU - Beimel, Amos
AU - Omri, Eran
AU - Orlov, Ilan
PY - 2010
Y1 - 2010
N2 - Coin-tossing protocols are protocols that generate a random bit with uniform distribution. These protocols are used as a building block in many cryptographic protocols. Cleve [STOC 1986] has shown that if at least half of the parties can be malicious, then, in any -round coin-tossing protocol, the malicious parties can cause a bias of to the bit that the honest parties output. However, for more than two decades the best known protocols had bias t/r√, where is the number of corrupted parties. Recently, in a surprising result, Moran, Naor, and Segev [TCC 2009] have shown that there is an -round two-party coin-tossing protocol with the optimal bias of O(1/r). We extend Moran et al. results to the multiparty model when less than 2/3 of the parties are malicious. The bias of our protocol is proportional to and depends on the gap between the number of malicious parties and the number of honest parties in the protocol. Specifically, for a constant number of parties or when the number of malicious parties is somewhat larger than half, we present an -round -party coin-tossing protocol with optimal bias of O(1/r).
AB - Coin-tossing protocols are protocols that generate a random bit with uniform distribution. These protocols are used as a building block in many cryptographic protocols. Cleve [STOC 1986] has shown that if at least half of the parties can be malicious, then, in any -round coin-tossing protocol, the malicious parties can cause a bias of to the bit that the honest parties output. However, for more than two decades the best known protocols had bias t/r√, where is the number of corrupted parties. Recently, in a surprising result, Moran, Naor, and Segev [TCC 2009] have shown that there is an -round two-party coin-tossing protocol with the optimal bias of O(1/r). We extend Moran et al. results to the multiparty model when less than 2/3 of the parties are malicious. The bias of our protocol is proportional to and depends on the gap between the number of malicious parties and the number of honest parties in the protocol. Specifically, for a constant number of parties or when the number of malicious parties is somewhat larger than half, we present an -round -party coin-tossing protocol with optimal bias of O(1/r).
UR - http://www.scopus.com/inward/record.url?scp=77956987124&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-14623-7_29
DO - 10.1007/978-3-642-14623-7_29
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:77956987124
SN - 3642146228
SN - 9783642146220
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 538
EP - 557
BT - Advances in Cryptology - CRYPTO 2010 - 30th Annual Cryptology Conference, Proceedings
T2 - 30th Annual International Cryptology Conference, CRYPTO 2010
Y2 - 15 August 2010 through 19 August 2010
ER -