A Lower Bound for Adaptively-Secure Collective Coin-Flipping Protocols

In 1985, Ben-Or and Linial (Advances in Computing Research '89) introduced the collective coin-flipping problem, where n parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates O(sqrt n) adaptive corruptions. They conjectured that this is optimal for such adversaries. We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message. Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica '89), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP '15).
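To make the adaptive-corruption setting concrete, the following added example (not code from the paper) computes the exact probability that an optimal adversary forces the majority protocol to output 1. The model is an assumption made here: n is odd, parties speak one at a time, and the adversary may corrupt the next speaker and fix its bit after seeing all earlier bits. The function name `force_one_probability` is hypothetical.

```python
from math import isqrt


def force_one_probability(n: int, t: int) -> float:
    """Chance the majority output is 1 against an optimal adversary with budget t.

    Assumed model (not taken from the paper): n is odd, parties broadcast one
    bit each in a fixed order, and before each party speaks the adversary,
    having seen all earlier bits, may spend one corruption to set that bit to 1.
    """
    if n < 1 or n % 2 == 0 or t < 0:
        raise ValueError("n must be a positive odd integer and t must be >= 0")
    need_total = n // 2 + 1  # ones required for the majority to be 1
    t = min(t, need_total)   # extra budget beyond this cannot help

    # prev[need][b]: success probability with `need` ones still missing and
    # `b` corruptions left. With no speakers left, only need == 0 succeeds.
    prev = [[1.0 if need == 0 else 0.0] * (t + 1) for need in range(need_total + 1)]
    for _ in range(n):  # add one more remaining speaker per iteration
        cur = [[1.0] * (t + 1)]  # need == 0: outcome already decided
        for need in range(1, need_total + 1):
            row = []
            for b in range(t + 1):
                # Honest speaker: fair bit, so `need` drops with probability 1/2.
                honest = 0.5 * prev[need - 1][b] + 0.5 * prev[need][b]
                # Corrupted speaker: bit forced to 1 at the cost of one corruption.
                corrupt = prev[need - 1][b - 1] if b > 0 else 0.0
                row.append(max(honest, corrupt))
            cur.append(row)
        prev = cur
    return prev[need_total][t]


if __name__ == "__main__":
    n = 201
    root = isqrt(n)
    for t in (0, 1, root // 2, root, 2 * root, 4 * root):
        print(f"n={n} t={t:3d} Pr[output=1]={force_one_probability(n, t):.4f}")
```

Run as a script, it prints the success probability for corruption budgets around sqrt(n), the regime the abstract refers to.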
