TY - GEN
T1 - A tight lower bound on adaptively secure full-information coin flip
AU - Haitner, Iftach
AU - Karidi-Heller, Yonatan
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/11
Y1 - 2020/11
N2 - In a distributed coin-flipping protocol, Blum [ACM Transactions on Computer Systems'83], the parties try to output a common (close to) uniform bit, even when some adversarially chosen parties try to bias the common output. In an adaptively secure full-information coin flip, Ben-Or and Linial [FOCS'85], the parties communicate over a broadcast channel and a computationally unbounded adversary can choose which parties to corrupt along the protocol execution. Ben-Or and Linial proved that the n-party majority protocol is resilient to O(sqrt{n}) corruptions (ignoring poly-logarithmic factors), and conjectured this is a tight upper bound for any n-party protocol (of any round complexity). Their conjecture was proved to be correct for single-turn (each party sends a single message) single-bit (a message is one bit) protocols Lichtenstein, Linial, and Saks [Combinatorica'89], symmetric protocols Goldwasser, Tauman Kalai, and Park [ICALP'15], and recently for (arbitrary message length) single-turn protocols Tauman Kalai, Komargodski, and Raz [DISC'18]. Yet, the question for many-turn protocols was left completely open. In this work we close the above gap, proving that no n-party protocol (of any round complexity) is resilient to omega(sqrt{n}) (adaptive) corruptions.
AB - In a distributed coin-flipping protocol, Blum [ACM Transactions on Computer Systems'83], the parties try to output a common (close to) uniform bit, even when some adversarially chosen parties try to bias the common output. In an adaptively secure full-information coin flip, Ben-Or and Linial [FOCS'85], the parties communicate over a broadcast channel and a computationally unbounded adversary can choose which parties to corrupt along the protocol execution. Ben-Or and Linial proved that the n-party majority protocol is resilient to O(sqrt{n}) corruptions (ignoring poly-logarithmic factors), and conjectured this is a tight upper bound for any n-party protocol (of any round complexity). Their conjecture was proved to be correct for single-turn (each party sends a single message) single-bit (a message is one bit) protocols Lichtenstein, Linial, and Saks [Combinatorica'89], symmetric protocols Goldwasser, Tauman Kalai, and Park [ICALP'15], and recently for (arbitrary message length) single-turn protocols Tauman Kalai, Komargodski, and Raz [DISC'18]. Yet, the question for many-turn protocols was left completely open. In this work we close the above gap, proving that no n-party protocol (of any round complexity) is resilient to omega(sqrt{n}) (adaptive) corruptions.
KW - adaptive adversaries
KW - coin flipping
KW - lower bound
UR - http://www.scopus.com/inward/record.url?scp=85100329188&partnerID=8YFLogxK
U2 - 10.1109/FOCS46700.2020.00120
DO - 10.1109/FOCS46700.2020.00120
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85100329188
T3 - Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS
SP - 1268
EP - 1276
BT - Proceedings - 2020 IEEE 61st Annual Symposium on Foundations of Computer Science, FOCS 2020
PB - IEEE Computer Society
T2 - 61st IEEE Annual Symposium on Foundations of Computer Science, FOCS 2020
Y2 - 16 November 2020 through 19 November 2020
ER -