Paper 2018/901
On the Complexity of Fair Coin Flipping
Iftach Haitner, Nikolaos Makriyannis, and Eran Omri
Abstract
A two-party coin-flipping protocol is $\epsilon$-fair if no efficient adversary can bias the output of the honest party (who always outputs a bit, even if the other party aborts) by more than $\epsilon$. Cleve [STOC '86] showed that $r$-round $o(1/r)$-fair coin-flipping protocols do not exist. Awerbuch et al. [Manuscript '85] constructed a $\Theta(1/\sqrt{r})$-fair coin-flipping protocol, assuming the existence of one-way functions. Moran et al. [Journal of Cryptology '16] constructed an $r$-round coin-flipping protocol that is $\Theta(1/r)$-fair (thus matching the aforementioned lower bound of Cleve [STOC '86]), assuming the existence of oblivious transfer. The above gives rise to the intriguing question of whether oblivious transfer, or more generally ``public-key primitives'', is required for an $o(1/\sqrt r)$-fair coin flipping. This question was partially answered by Dachman-Soled et al. [TCC '11] and Dachman-Soled et al. [TCC '14], who showed that restricted types of fully black-box reductions cannot establish $o(1/\sqrt r)$-fair coin-flipping protocols from one-way functions. In particular, for constant-round coin-flipping protocols, Dachman-Soled et al. showed that black-box techniques from one-way functions can only guarantee fairness of order $1/\sqrt{r}$. We make progress towards answering the above question by showing that, for any constant $r\in \mathbb N$, the existence of an $1/(c\cdot \sqrt{r})$-fair, $r$-round coin-flipping protocol implies the existence of an infinitely-often key-agreement protocol, where $c$ denotes some universal constant (independent of $r$). Our reduction is non black-box and makes a novel use of the recent dichotomy for two-party protocols of Haitner et al. [FOCS '18] to facilitate a two-party variant of the recent attack of Beimel et al. [FOCS '18] on multi-party coin-flipping protocols.
Metadata
- Available format(s)
- Publication info
- Published by the IACR in TCC 2018
- Keywords
- coin flippingcryptographyfairnesskey agreement
- Contact author(s)
-
n makriyannis @ gmail com
iftach haitner @ cs tau ac il
omrier @ ariel ac il - History
- 2018-09-25: received
- Short URL
- https://ia.cr/2018/901
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/901, author = {Iftach Haitner and Nikolaos Makriyannis and Eran Omri}, title = {On the Complexity of Fair Coin Flipping}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/901}, year = {2018}, url = {https://eprint.iacr.org/2018/901} }