Protocols for Multiparty Coin Toss with a Dishonest Majority

2015 
Coin-tossing protocols are protocols that generate a random bit with uniform distribution, although some corrupted parties might try to bias the output. These protocols are used as a building block in many cryptographic protocols. Cleve (Proc. of the 18th ACM Symp. on the Theory of Computing, pp. 364---369, 1986) has shown that if at least half of the parties can be corrupted, then, in any r-round coin-tossing protocol, the corrupted parties can cause a bias of Ω(1/r) to the bit that the honest parties output. However, for more than two decades the best known protocols had bias ${t}/\sqrt{{r}}$, where t is the number of corrupted parties. Recently, in a surprising result, Moran, Naor, and Segev (Proc. of the Sixth Theory of Cryptography Conference, TCC 2009, pp. 1---18, 2009) constructed an r-round two-party coin-tossing protocol with the optimal bias of O(1/r). We extend the results of Moran et al. to the multiparty model where fewer than 2/3 of the parties are corrupted. The bias of our protocol is proportional to 1/r and doubly exponential in the gap between the number of corrupted parties and the number of honest parties in the protocol. In particular, for a constant number of parties, where fewer than 2/3 of them are corrupted. we present an r-round m-party coin-tossing protocol with an optimal bias of O(1/r). Furthermore, we achieve the same bias even when the number of parties m is non-constant and the number of corrupted parties is m/2+O(1).
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    34
    References
    17
    Citations
    NaN
    KQI
    []