ECCC-Report TR18-140
https://eccc.weizmann.ac.il/report/2018/140
Comments and Revisions published for TR18-140
Sat, 01 Sep 2018 07:25:52 +0300
Revision 1
A Lower Bound for Adaptively-Secure Collective Coin-Flipping Protocols
Yael Tauman Kalai,
Ilan Komargodski,
Ran Raz
https://eccc.weizmann.ac.il/report/2018/140#revision1
In 1985, Ben-Or and Linial (Advances in Computing Research '89) introduced the collective coin-flipping problem, where $n$ parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates $O(\sqrt n)$ adaptive corruptions. They conjectured that this is optimal for such adversaries.
We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message.
Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica '89), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP '15).
Sat, 01 Sep 2018 07:25:52 +0300
Paper TR18-140
A Lower Bound for Adaptively-Secure Collective Coin-Flipping Protocols
Yael Tauman Kalai,
Ilan Komargodski,
Ran Raz
https://eccc.weizmann.ac.il/report/2018/140
Sat, 11 Aug 2018 16:10:17 +0300