Paper 2006/177
On the (Im-)Possibility of Extending Coin Toss
Dennis Hofheinz, Joern Mueller-Quade, and Dominique Unruh
Abstract
We consider the cryptographic two-party protocol task of extending a given coin toss. The goal is to generate n common random coins from a single use of an ideal functionality which gives m<n common random coins to the parties. In the framework of Universal Composability we show the impossibility of securely extending a coin toss for statistical and perfect security. On the other hand, for computational security the existence of a protocol for coin toss extension depends on the number m of random coins which can be obtained "for free". For the case of stand-alone security, i.e., a simulation based security definition without an environment, we present a novel protocol for unconditionally secure coin toss extension. The new protocol works for superlogarithmic m, which is optimal as we show the impossibility of statistically secure coin toss extension for smaller m. Combining our results with already known results, we obtain a (nearly) complete characterization under which circumstances coin toss extension is possible.
Metadata
- Available format(s)
- PDF PS
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. This is the full version of the paper presented at Eurocrypt 2006
- Keywords
- coin tossuniversal composabilityreactive simulatabilitycryptographic protocols
- Contact author(s)
- unruh @ ira uka de
- History
- 2006-05-26: received
- Short URL
- https://ia.cr/2006/177
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2006/177, author = {Dennis Hofheinz and Joern Mueller-Quade and Dominique Unruh}, title = {On the (Im-)Possibility of Extending Coin Toss}, howpublished = {Cryptology {ePrint} Archive, Paper 2006/177}, year = {2006}, url = {https://eprint.iacr.org/2006/177} }