TY - JOUR

T1 - Protocols for Multiparty Coin Toss with a Dishonest Majority

AU - Beimel, Amos

AU - Omri, Eran

AU - Orlov, Ilan

N1 - Publisher Copyright:
© 2013, International Association for Cryptologic Research.

PY - 2015/7/12

Y1 - 2015/7/12

N2 - Coin-tossing protocols are protocols that generate a random bit with uniform distribution, although some corrupted parties might try to bias the output. These protocols are used as a building block in many cryptographic protocols. Cleve (Proc. of the 18th ACM Symp. on the Theory of Computing, pp. 364–369, 1986) has shown that if at least half of the parties can be corrupted, then, in any r-round coin-tossing protocol, the corrupted parties can cause a bias of Ω(1/r) to the bit that the honest parties output. However, for more than two decades the best known protocols had bias ${t}/\sqrt{{r}}$, where t is the number of corrupted parties. Recently, in a surprising result, Moran, Naor, and Segev (Proc. of the Sixth Theory of Cryptography Conference, TCC 2009, pp. 1–18, 2009) constructed an r-round two-party coin-tossing protocol with the optimal bias of O(1/r). We extend the results of Moran et al. to the multiparty model where fewer than 2/3 of the parties are corrupted. The bias of our protocol is proportional to 1/r and doubly exponential in the gap between the number of corrupted parties and the number of honest parties in the protocol. In particular, for a constant number of parties, where fewer than 2/3 of them are corrupted. we present an r-round m-party coin-tossing protocol with an optimal bias of O(1/r). Furthermore, we achieve the same bias even when the number of parties m is non-constant and the number of corrupted parties is m/2+O(1).

AB - Coin-tossing protocols are protocols that generate a random bit with uniform distribution, although some corrupted parties might try to bias the output. These protocols are used as a building block in many cryptographic protocols. Cleve (Proc. of the 18th ACM Symp. on the Theory of Computing, pp. 364–369, 1986) has shown that if at least half of the parties can be corrupted, then, in any r-round coin-tossing protocol, the corrupted parties can cause a bias of Ω(1/r) to the bit that the honest parties output. However, for more than two decades the best known protocols had bias ${t}/\sqrt{{r}}$, where t is the number of corrupted parties. Recently, in a surprising result, Moran, Naor, and Segev (Proc. of the Sixth Theory of Cryptography Conference, TCC 2009, pp. 1–18, 2009) constructed an r-round two-party coin-tossing protocol with the optimal bias of O(1/r). We extend the results of Moran et al. to the multiparty model where fewer than 2/3 of the parties are corrupted. The bias of our protocol is proportional to 1/r and doubly exponential in the gap between the number of corrupted parties and the number of honest parties in the protocol. In particular, for a constant number of parties, where fewer than 2/3 of them are corrupted. we present an r-round m-party coin-tossing protocol with an optimal bias of O(1/r). Furthermore, we achieve the same bias even when the number of parties m is non-constant and the number of corrupted parties is m/2+O(1).

KW - Cheat detection

KW - Dishonest majority

KW - Fair coin tossing

KW - Multiparty computation

KW - Secure with abort

UR - http://www.scopus.com/inward/record.url?scp=84930766526&partnerID=8YFLogxK

U2 - 10.1007/s00145-013-9168-3

DO - 10.1007/s00145-013-9168-3

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:84930766526

SN - 0933-2790

VL - 28

SP - 551

EP - 600

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 3

ER -