# Fair coin flipping: Tighter analysis and the many-party case

Niv Buchbinder, Iftach Haitner, Nissan Levi, Eliad Tsfadia

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

## Abstract

In a multi-party fair coin-ipping protocol, the parties output a common (close to) unbiased bit, even when some corrupted parties try to bias the output. In this work we focus on the case of dishonest majority, ie at least half of the parties can be corrupted. [19] [STOC 1986] has shown that in any m-round coin-ipping protocol the corrupted parties can bias the honest parties' common output bit by Θ(1=m). For more than two decades the best known coin-ipping protocols against majority was the protocol of [9] [Manuscript 1985], who presented a t-party, m-round protocol with bias Θ(t= p m). This was changed by the breakthrough result of [42] [TCC 2009], who constructed an m- round, two-party coin-ipping protocol with optimal bias Θ(1=m). Recently, [32] [STOC 14] constructed an m-round, three-party coin-ipping protocol with bias O(log3 m=m). Still for the case of more than three parties, against arbitrary number of corruptions, the best known protocol remained the Θ(t= p m)-bias protocol of [9]. We make a step towards eliminating the above gap, presenting a t-party, m-round coin-ipping protocol, with bias O( t3.2t. p √logm/ m1=2+1=(2t-1-2) ). This improves upon the Θ(t= p m)-bias protocol of [9] for any t ≥ 1=2 . log logm, and in particular for t 2 O(1), this yields an 1=m 1 2 + Θ((1)- bias protocol. For the three-party case, this yields an O( p logm=m)-bias protocol, improving over the the O(log3 m=m)-bias protocol of [32]. Our protocol generalizes that of [32], by presenting an appropriate \defense protocols" for the remaining parties to interact in, in the case that some parties abort or caught cheating ([32] only presented a two-party defense protocol, which limits their final protocol to handle three parties). We analyze our new protocols by presenting a new paradigm for analyzing fairness of coin-ipping protocols. We map the set of adversarial strategies that try to bias the honest parties outcome in the protocol to the set of the feasible solutions of a linear program. The gain each strategy achieves is the value of the corresponding solution. We then bound the the optimal value of the linear program by constructing a feasible solution to its dual.

Original language English 28th Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2017 Philip N. Klein Association for Computing Machinery 2580-2600 21 9781611974782 https://doi.org/10.1137/1.9781611974782.170 Published - 2017 28th Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2017 - Barcelona, SpainDuration: 16 Jan 2017 → 19 Jan 2017

### Publication series

Name Proceedings of the Annual ACM-SIAM Symposium on Discrete Algorithms 0

### Conference

Conference 28th Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2017 Spain Barcelona 16/01/17 → 19/01/17

## Keywords

• Coin-ipping
• Fair computation
• Stopping time problems

## Fingerprint

Dive into the research topics of 'Fair coin flipping: Tighter analysis and the many-party case'. Together they form a unique fingerprint.