On the complexity of fair coin flipping

Iftach Haitner, Nikolaos Makriyannis, Eran Omri

Research output: Contribution to journalArticlepeer-review

Abstract

A two-party coin-flipping protocol is ε-fair if no efficient adversary can bias the output of the honest party (who always outputs a bit, even if the other party aborts) by more than ε. Cleve [STOC '86] showed that r-round o(1/r)-fair coin-flipping protocols do not exist. Awerbuch, Blum, Chor, Goldwasser, and Micali [Manuscript '85] constructed a Θ(1/r)-fair coin-flipping protocol, assuming the existence of one-way functions. Moran, Naor, and Segev [Journal of Cryptology '16] constructed an r-round coin-flipping protocol that is Θ(1/r)-fair (thus matching the aforementioned lower bound of Cleve [STOC '86]), assuming the existence of oblivious transfer. The above gives rise to the intriguing question of whether oblivious transfer, or more generally “public-key primitives,” is required for an o(1/r)-fair coin-flipping protocol. Towards answering this intriguing question, Maji and Wang [Crypto '18] have recently showed that in the random oracle model (ROM), any coin-flipping protocol can be biased by Ω(1/r). This implies that o(1/r)-fair coin-flipping protocol cannot be constructed from one-way function, or from a family of collision-resistant hash functions, in a black-box way. This result does not rule out, however, non black-box constructions, and black-box constructions based on primitives that cannot be realized in the ROM. We make a different progress towards answering above question by showing that, for any constant r∈N, the existence of an 1/(c⋅r)-fair, r-round coin-flipping protocol implies the existence of an infinitely-often key-agreement protocol, where c denotes some universal constant (independent of r). Our reduction is non black-box and makes a novel use of the recent dichotomy for two-party protocols of Haitner, Nissim, Omri, Shaltiel, and Silbak [SICOMP '20] to facilitate a two-party variant of the recent attack of Beimel, Haitner, Makriyannis, and Omri [FOCS '18] on multi-party coin-flipping protocols.

Original languageEnglish
Pages (from-to)23-38
Number of pages16
JournalTheoretical Computer Science
Volume914
DOIs
StatePublished - 7 May 2022

Keywords

  • Coin-flipping
  • Fairness
  • Key-agreement

Fingerprint

Dive into the research topics of 'On the complexity of fair coin flipping'. Together they form a unique fingerprint.

Cite this