An Optimally Fair Coin Toss

We address one of the foundational problems in cryptography: the bias of coin-flipping protocols. Coin-flipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve [STOC \u2786] showed that for any two-party $r$-round coin-flipping protocol there exists an efficient adversary that can bias the output of the honest party by $\Omega(1/r)$. However, the best previously known protocol only guarantees $O(1/\sqrt{r})$ bias, and the question of whether Cleve\u27s bound is tight has remained open for more than twenty years. In this paper we establish the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols. Under standard assumptions (the existence of oblivious transfer), we show that Cleve\u27s lower bound is tight: we construct an $r$-round protocol with bias $O(1/r)$

Rational Adversaries? Evidence from Randomized Trials in the Game of Cricket

In cricket, the right to make an important strategic decision is assigned via a coin toss. We utilize these "randomized trials" to examine (a) the consistency of choices made by teams with strictly opposed preferences, and (b) the treatment effects of chosen actions. We find significant evidence of inconsistency, with teams often agreeing on who is to bat first. Estimated treatment effects show that choices are often poorly made since they reduce the probability of the team winning.

Chances, counterfactuals and similarity

John Hawthorne in a recent paper takes issue with Lewisian accounts of counterfactuals, when relevant laws of nature are chancy. I respond to his arguments on behalf of the Lewisian, and conclude that while some can be rebutted, the case against the original Lewisian account is strong. I develop a neo-Lewisian account of what makes for closeness of worlds. I argue that my revised version avoids Hawthorne’s challenges. I argue that this is closer to the spirit of Lewis’s first (non-chancy) proposal than is Lewis’s own suggested modification

Variable Bias Coin Tossing

Alice is a charismatic quantum cryptographer who believes her parties are unmissable; Bob is a (relatively) glamorous string theorist who believes he is an indispensable guest. To prevent possibly traumatic collisions of self-perception and reality, their social code requires that decisions about invitation or acceptance be made via a cryptographically secure variable bias coin toss (VBCT). This generates a shared random bit by the toss of a coin whose bias is secretly chosen, within a stipulated range, by one of the parties; the other party learns only the random bit. Thus one party can secretly influence the outcome, while both can save face by blaming any negative decisions on bad luck. We describe here some cryptographic VBCT protocols whose security is guaranteed by quantum theory and the impossibility of superluminal signalling, setting our results in the context of a general discussion of secure two-party computation. We also briefly discuss other cryptographic applications of VBCT.Comment: 14 pages, minor correction

A Universal Scheme for Transforming Binary Algorithms to Generate Random Bits from Loaded Dice

In this paper, we present a universal scheme for transforming an arbitrary algorithm for biased 2-face coins to generate random bits from the general source of an m-sided die, hence enabling the application of existing algorithms to general sources. In addition, we study approaches of efficiently generating a prescribed number of random bits from an arbitrary biased coin. This contrasts with most existing works, which typically assume that the number of coin tosses is fixed, and they generate a variable number of random bits.Comment: 2 columns, 10 page

No Transaction Fees? No Problem! Achieving Fairness in Transaction Fee Mechanism Design

The recently proposed Transaction Fee Mechanism (TFM) literature studies the strategic interaction between the miner of a block and the transaction creators (or users) in a blockchain. In a TFM, the miner includes transactions that maximize its utility while users submit fees for a slot in the block. The existing TFM literature focuses on satisfying standard incentive properties -- which may limit widespread adoption. We argue that a TFM is "fair" to the transaction creators if it satisfies specific notions, namely Zero-fee Transaction Inclusion and Monotonicity. First, we prove that one generally cannot ensure both these properties and prevent a miner's strategic manipulation. We also show that existing TFMs either do not satisfy these notions or do so at a high cost to the miners' utility. As such, we introduce a novel TFM using on-chain randomness -- rTFM. We prove that rTFM guarantees incentive compatibility for miners and users while satisfying our novel fairness constraints.Comment: Extended Abstract (AAMAS '24