An almost-optimally fair three-party coin-flipping protocol

In a multiparty fair coin-flipping protocol, the parties output a common (close to) unbiased bit, even when some corrupted parties try to bias the output. Cleve [STOC 1986] has shown that in the case of dishonest majority (i.e., at least half of the parties can be corrupted), in any m-round coin-flipping protocol, the corrupted parties can bias the honest parties' common output bit by Ω(1/m). For more than two decades, the best known coin-flipping protocols against dishonest majority had bias [EQUATION], where ℓ is the number of corrupted parties. This was changed by a recent breakthrough result of Moran et al. [TCC 2009], who constructed an m-round, two-party coin-flipping protocol with optimal bias Θ(1/m). In a subsequent work, Beimel et al. [Crypto 2010] extended this result to the multiparty case in which less than 2/3 of the parties can be corrupted. Still for the case of 2/3 (or more) corrupted parties, the best known protocol had bias [EQUATION]. In particular, this was the state of affairs for the natural three-party case. We make a step towards eliminating the above gap, presenting an m-round, three-party coin-flipping protocol, with bias O(log2m)/m. Our approach (which we also apply for the two-party case) does not follow the "threshold round" paradigm used in the work of Moran et al. and Beimel et al., but rather is a variation of the majority protocol of Cleve, used to obtain the aforementioned [EQUATION]-bias protocol.

[1]  Eran Omri,et al.  Coin Flipping with Constant Bias Implies One-Way Functions , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[2]  Yevgeniy Dodis,et al.  Multiparty quantum coin flipping , 2004 .

[3]  Jonathan Katz,et al.  Partial Fairness in Secure Two-Party Computation , 2010, Journal of Cryptology.

[4]  Itay Berman,et al.  Coin flipping of any constant bias implies one-way functions , 2014, STOC.

[5]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[6]  Alexander Russell,et al.  Perfect information leader election in log*n+O(1) rounds , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[7]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[8]  Moni Naor,et al.  Basing cryptographic protocols on tamper-evident seals , 2010, Theor. Comput. Sci..

[9]  Yehuda Lindell,et al.  Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation , 2001, Journal of Cryptology.

[10]  Andris Ambainis A new protocol and lower bounds for quantum coin flipping , 2004, J. Comput. Syst. Sci..

[11]  Jonathan Katz On achieving the "best of both worlds" in secure multiparty computation , 2007, STOC '07.

[12]  Irene A. Stegun,et al.  Handbook of Mathematical Functions. , 1966 .

[13]  Manuel Blum How to exchange (secret) keys , 1983, STOC '83.

[14]  Omer Reingold,et al.  Statistically Hiding Commitments and Statistical Zero-Knowledge Arguments from Any One-Way Function , 2009, SIAM J. Comput..

[15]  Andrew Chi-Chih Yao,et al.  Quantum bit escrow , 2000, STOC '00.

[16]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[17]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[18]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[19]  Nathan Linial,et al.  Collective Coin Flipping , 1989, Adv. Comput. Res..

[20]  Noga Alon,et al.  Coin-Flipping Games Immune Against Linear-Sized Coalitions , 1993, SIAM J. Comput..

[21]  Amit Sahai,et al.  On the Computational Complexity of Coin Flipping , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[22]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[23]  Moni Naor,et al.  An Optimally Fair Coin Toss , 2015, Journal of Cryptology.

[24]  Yael Tauman Kalai,et al.  Smooth Projective Hashing and Two-Message Oblivious Transfer , 2005, Journal of Cryptology.

[25]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[26]  Alexander Russell,et al.  Perfect Information Leader Election in log* n+O (1) Rounds , 2001, J. Comput. Syst. Sci..

[27]  Eran Omri,et al.  Protocols for Multiparty Coin Toss with Dishonest Majority , 2010, CRYPTO.

[28]  Yehuda Lindell,et al.  On the Black-Box Complexity of Optimally-Fair Coin Tossing , 2011, TCC.

[29]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[30]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[31]  Iftach Haitner,et al.  Implementing Oblivious Transfer Using Collection of Dense Trapdoor Permutations , 2004, TCC.

[32]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[33]  Uriel Feige,et al.  Noncryptographic selection protocols , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[34]  Yehuda Lindell,et al.  Complete Fairness in Secure Two-Party Computation , 2011, JACM.

[35]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[36]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[37]  M. Skala Hypergeometric tail inequalities: ending the insanity , 2013, 1311.5939.

[38]  David Cella,et al.  Achieving the best of both worlds. , 2013, Journal of clinical oncology : official journal of the American Society of Clinical Oncology.

[39]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[40]  Michael E. Saks A Robust Noncryptographic Protocol for Collective Coin Flipping , 1989, SIAM J. Discret. Math..

[41]  Eran Omri,et al.  Complete Characterization of Fairness in Secure Two-Party Computation of Boolean Functions , 2015, TCC.

[42]  Eran Omri,et al.  1/p-Secure Multiparty Computation without Honest Majority and the Best of Both Worlds , 2011, CRYPTO.