TY - GEN

T1 - An optimally fair coin toss

AU - Moran, Tal

AU - Naor, Moni

AU - Segev, Gil

PY - 2009

Y1 - 2009

N2 - We address one of the foundational problems in cryptography: the bias of coin-flipping protocols. Coin-flipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve [STOC '86] showed that for any two-party r-round coin-flipping protocol there exists an efficient adversary that can bias the output of the honest party by Ω(1/r). However, the best previously known protocol only guarantees bias, and the question of whether Cleve's bound is tight has remained open for more than twenty years. In this paper we establish the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols. Under standard assumptions (the existence of oblivious transfer), we show that Cleve's lower bound is tight: we construct an r-round protocol with bias O(1/r).

AB - We address one of the foundational problems in cryptography: the bias of coin-flipping protocols. Coin-flipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve [STOC '86] showed that for any two-party r-round coin-flipping protocol there exists an efficient adversary that can bias the output of the honest party by Ω(1/r). However, the best previously known protocol only guarantees bias, and the question of whether Cleve's bound is tight has remained open for more than twenty years. In this paper we establish the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols. Under standard assumptions (the existence of oblivious transfer), we show that Cleve's lower bound is tight: we construct an r-round protocol with bias O(1/r).

UR - http://www.scopus.com/inward/record.url?scp=70350649064&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-00457-5_1

DO - 10.1007/978-3-642-00457-5_1

M3 - Conference contribution

AN - SCOPUS:70350649064

SN - 3642004563

SN - 9783642004568

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 18

BT - Theory of Cryptography - 6th Theory of Cryptography Conference, TCC 2009, Proceedings

T2 - 6th Theory of Cryptography Conference, TCC 2009

Y2 - 15 March 2009 through 17 March 2009

ER -