A Tight Lower Bound on Adaptively Secure Full-Information Coin Flip

Haitner, Iftach; Karidi-Heller, Yonatan

doi:10.1109/focs46700.2020.00120

Cited by 11 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Regardless of which function is used to map the coin-flip sequence to a shared coin, the adversary can bias it whenever t = Ω( √ n). Very recently Haitner and Karidi-Heller [HK20] resolved the complexity of Ben-Or-Linial-type sequential coin flipping games against an adaptive adversary, that can corrupt players at will, as information is revealed. They proved that any such shared coin can be fixed to a desired outcome with probability 1 − o(1) by adaptively corrupting Õ( √ n) parties.…”

Section: Related Workmentioning

confidence: 99%

Byzantine Agreement in Polynomial Time with Near-Optimal Resilience

Huang¹,

Pettie²,

Zhu³

2022

Preprint

View full text Add to dashboard Cite

It has been known since the early 1980s that Byzantine Agreement in the full information, asynchronous model is impossible to solve deterministically against even one crash fault [FLP85], but that it can be solved with probability 1 [Ben83], even against an adversary that controls the scheduling of all messages and corrupts up to f < n/3 players [Bra87]. The main downside of [Ben83, Bra87] is that they terminate in 2 Θ(n) rounds in expectation whenever f = Θ(n).King and Saia [KS16, KS18] developed a polynomial protocol (polynomial rounds, polynomial computation) that is resilient to f < (1.14 × 10 −9 )n Byzantine faults. The new idea in their protocol is to detect-and blacklist-coalitions of likely-bad players by analyzing the deviations of random variables generated by those players over many rounds.In this work we design a simple collective coin-flipping protocol such that if any coalition of faulty players repeatedly does not follow protocol, then they will eventually be detected by one of two simple statistical tests. Using this coin-flipping protocol, we solve Byzantine Agreement in a polynomial number of rounds, even in the presence of up to f < n/4 Byzantine faults. This comes close to the f < n/3 upper bound on the maximum number of faults [BT85, FLM86, LSP82]. * This work was supported by NSF grant CCF-1815316. 1 https://theprint.in/opinion/benfords-law-detects-data-fudging-so-we-ran-it-through-indian-states-covid-numbers/673085/ 2

show abstract

Section: Related Workmentioning

confidence: 99%

Byzantine Agreement in Polynomial Time with Near-Optimal Resilience

Huang¹,

Pettie²,

Zhu³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Regardless of which function is used to map the coin-flip sequence to a shared coin, the adversary can bias it whenever 𝑡 = Ω( √ 𝑛). Very recently Haitner and Karidi-Heller [24] resolved the complexity of Ben-Or-Linialtype sequential coin flipping games against an adaptive adversary, that can corrupt players at will, as information is revealed. They proved that any such shared coin can be fixed to a desired outcome with probability 1 − 𝑜 (1) by adaptively corrupting Õ ( √ 𝑛) parties.…”

Section: Related Workmentioning

confidence: 99%

Byzantine agreement in polynomial time with near-optimal resilience

Huang¹,

Pettie²,

Zhu³

2022

Proceedings of the 54th Annual ACM SIGACT Symposium on Theory of Computing

View full text Add to dashboard Cite

It has been known since the early 1980s that Byzantine Agreement in the full information, asynchronous model is impossible to solve deterministically against even one crash fault [FLP 1985], but that it can be solved with probability 1 [Ben-Or 1983], even against an adversary that controls the scheduling of all messages and corrupts up to 𝑓 < 𝑛/3 players [Bracha 1987]. The main downside of [Ben-Or 1983, Bracha 1987 is that they terminate with 2 Θ(𝑛) latency in expectation whenever 𝑓 = Θ(𝑛).King and Saia [KS 2016, KS 2018] developed a polynomial protocol (polynomial latency, polynomial local computation) that is resilient to 𝑓 < (1.14 × 10 −9 )𝑛 Byzantine faults. The new idea in their protocol is to detect-and blacklist-coalitions of likely-bad players by analyzing the deviations of random variables generated by those players over many rounds.In this work we design a simple collective coin-flipping protocol such that if any coalition of faulty players repeatedly does not follow protocol, then they will eventually be detected by one of two simple statistical tests. Using this coin-flipping protocol, we solve Byzantine Agreement in polynomial latency, even in the presence of up to 𝑓 < 𝑛/4 Byzantine faults. This comes close to the 𝑓 < 𝑛/3 upper bound on the maximum number of faults [LSP 1982, BT 1985, FLM 1986].

show abstract

“…Subsequently, [33,43] generalized this result to the case where the processors broadcast arbitrary-length messages. Recently, in a breakthrough result, Haitner and Karidi-Heller [44] extended this result to multi-turn coin-tossing protocols, i.e., a processor may send messages in multiple rounds. Essentially, these results imply that the majority protocol (more generally, the threshold protocols) are qualitatively optimal.…”

Section: Related Work: Multiple Corruptionsmentioning

confidence: 99%

Computational Hardness of Collective Coin-Tossing Protocols

Maji

2020

Entropy

View full text Add to dashboard Cite

Ben-Or and Linial, in a seminal work, introduced the full information model to study collective coin-tossing protocols. Collective coin-tossing is an elegant functionality providing uncluttered access to the primary bottlenecks to achieve security in a specific adversarial model. Additionally, the research outcomes for this versatile functionality has direct consequences on diverse topics in mathematics and computer science. This survey summarizes the current state-of-the-art of coin-tossing protocols in the full information model and recent advances in this field. In particular, it elaborates on a new proof technique that identifies the minimum insecurity incurred by any coin-tossing protocol and, simultaneously, constructs the coin-tossing protocol achieving that insecurity bound. The combinatorial perspective into this new proof-technique yields new coin-tossing protocols that are more secure than well-known existing coin-tossing protocols, leading to new isoperimetric inequalities over product spaces. Furthermore, this proof-technique’s algebraic reimagination resolves several long-standing fundamental hardness-of-computation problems in cryptography. This survey presents one representative application of each of these two perspectives.

show abstract

A Tight Lower Bound on Adaptively Secure Full-Information Coin Flip

Cited by 11 publications

References 17 publications

Byzantine Agreement in Polynomial Time with Near-Optimal Resilience

Byzantine Agreement in Polynomial Time with Near-Optimal Resilience

Byzantine agreement in polynomial time with near-optimal resilience

Computational Hardness of Collective Coin-Tossing Protocols

Contact Info

Product

Resources

About