Weizmann Logo
ECCC
Electronic Colloquium on Computational Complexity

Under the auspices of the Computational Complexity Foundation (CCF)

Login | Register | Classic Style



REPORTS > DETAIL:

Revision(s):

Revision #1 to TR18-140 | 1st September 2018 07:25

A Lower Bound for Adaptively-Secure Collective Coin-Flipping Protocols

RSS-Feed




Revision #1
Authors: Yael Tauman Kalai, Ilan Komargodski, Ran Raz
Accepted on: 1st September 2018 07:25
Downloads: 1225
Keywords: 


Abstract:

In 1985, Ben-Or and Linial (Advances in Computing Research '89) introduced the collective coin-flipping problem, where $n$ parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates $O(\sqrt n)$ adaptive corruptions. They conjectured that this is optimal for such adversaries.

We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message.

Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica '89), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP '15).



Changes to previous version:

Added comparison to Aspnes (JACM '98) and fixed one reference.


Paper:

TR18-140 | 11th August 2018 06:03

A Lower Bound for Adaptively-Secure Collective Coin-Flipping Protocols





TR18-140
Authors: Ilan Komargodski, Ran Raz, Yael Tauman Kalai
Publication: 11th August 2018 16:10
Downloads: 1293
Keywords: 


Abstract:

In 1985, Ben-Or and Linial (Advances in Computing Research '89) introduced the collective coin-flipping problem, where $n$ parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates $O(\sqrt n)$ adaptive corruptions. They conjectured that this is optimal for such adversaries.

We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message.

Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica '89), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP '15).



ISSN 1433-8092 | Imprint