TY - JOUR

T1 - A Lower Bound for Adaptively-Secure Collective Coin Flipping Protocols

AU - Kalai, Yael Tauman

AU - Komargodski, Ilan

AU - Raz, Ran

N1 - Funding Information:
Research supported by the Simons Collaboration on Algorithms and Geometry and by the National Science Foundation grants No. CCF-1714779 and CCF-1412958. Acknowledgements

PY - 2020

Y1 - 2020

N2 - In 1985, Ben-Or and Linial (Advances in Computing Research 1989) introduced the collective coin flipping problem, where n parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates O(√n) adaptive corruptions. They conjectured that this is optimal for such adversaries. We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message. Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica 1989), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP 2015).

AB - In 1985, Ben-Or and Linial (Advances in Computing Research 1989) introduced the collective coin flipping problem, where n parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates O(√n) adaptive corruptions. They conjectured that this is optimal for such adversaries. We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message. Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica 1989), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP 2015).

UR - http://www.scopus.com/inward/record.url?scp=85096942292&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85096942292&partnerID=8YFLogxK

U2 - 10.1007/s00493-020-4147-4

DO - 10.1007/s00493-020-4147-4

M3 - Article

AN - SCOPUS:85096942292

JO - Combinatorica

JF - Combinatorica

SN - 0209-9683

ER -