Adaptively Secure Coin-Flipping, Revisited
The full-information model was introduced by Ben-Or and Linial in 1985 to
study collective coin-flipping: the problem of generating a common bounded-bias
bit in a network of players with faults. They showed that the
majority protocol can tolerate adaptive corruptions, and
conjectured that this is optimal in the adaptive setting. Lichtenstein, Linial,
and Saks proved that the conjecture holds for protocols in which each player
sends a single bit. Their result has been the main progress on the conjecture
in the last 30 years.
In this work we revisit this question and ask: what about protocols involving
longer messages? Can increased communication allow for a larger fraction of
faulty players?
We introduce a model of strong adaptive corruptions, where in each round, the
adversary sees all messages sent by honest parties and, based on the message
content, decides whether to corrupt a party (and intercept his message) or not.
We prove that any one-round coin-flipping protocol, regardless of message
length, is secure against at most strong adaptive
corruptions. Thus, increased message length does not help in this setting.
We then shed light on the connection between adaptive and strongly adaptive
adversaries, by proving that for any symmetric one-round coin-flipping protocol
secure against adaptive corruptions, there is a symmetric one-round
coin-flipping protocol secure against strongly adaptive corruptions.
Returning to the standard adaptive model, we can now prove that any symmetric
one-round protocol with arbitrarily long messages can tolerate at most
adaptive corruptions.
At the heart of our results lies a novel use of the Minimax Theorem and a new
technique for converting any one-round secure protocol into a protocol with
messages of bits. This technique may be of independent interest.
Multiparty Quantum Coin Flipping
We investigate coin-flipping protocols for multiple parties in a quantum
broadcast setting:
(1) We propose and motivate a definition for quantum broadcast. Our model of
quantum broadcast channel is new.
(2) We discovered that quantum broadcast is essentially a combination of
pairwise quantum channels and a classical broadcast channel. This is a somewhat
surprising conclusion, but helps us in both our lower and upper bounds.
(3) We provide tight upper and lower bounds on the optimal bias epsilon of a
coin which can be flipped by k parties of which exactly g parties are honest:
for any 1 <= g <= k, epsilon = 1/2 - Theta(g/k).
Thus, as long as a constant fraction of the players are honest, they can
prevent the coin from being fixed with at least a constant probability. This
result stands in sharp contrast with the classical setting, where no
non-trivial coin-flipping is possible when g <= k/2.
Comment: v2: bounds now tight via new protocol; to appear at IEEE Conference
on Computational Complexity 200
A Lower Bound for Adaptively-Secure Collective Coin-Flipping Protocols
In 1985, Ben-Or and Linial (Advances in Computing Research '89) introduced the collective coin-flipping problem, where n parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates O(sqrt n) adaptive corruptions. They conjectured that this is optimal for such adversaries.
We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message.
Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica '89), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP '15).
Quantum cryptography: key distribution and beyond
Uniquely among the sciences, quantum cryptography has driven both
foundational research as well as practical real-life applications. We review
the progress of quantum cryptography in the last decade, covering quantum key
distribution and other applications.
Comment: It's a review on quantum cryptography and it is not restricted to QK
Unconditionally secure quantum coin flipping
Quantum coin flipping (QCF) is an essential primitive for quantum
cryptography. Unconditionally secure strong QCF with an arbitrarily small bias
was widely believed to be impossible. But based on a problem which cannot be
solved without a quantum algorithm, here we propose such a QCF protocol and show
how it manages to evade all existing no-go proofs on QCF.
Comment: The protocol is modified so that the security proof can be
simplified. Also corrected a flaw in the analysis on the no-go proof in
Ref.[13]. We thank the anonymous referee for pinpointing out the fla
Coin flipping from a cosmic source: On error correction of truly random bits
We study a problem related to coin flipping, coding theory, and noise
sensitivity. Consider a source of truly random bits x \in \bits^n, and
parties, who have noisy versions of the source bits y^i \in \bits^n, where
for all and , it holds that \Pr[y^i_j = x_j] = 1 - \eps, independently
for all and . That is, each party sees each bit correctly with
probability , and incorrectly (flipped) with probability
, independently for all bits and all parties. The parties, who cannot
communicate, wish to agree beforehand on {\em balanced} functions f_i :
\bits^n \to \bits such that is maximized. In
other words, each party wants to toss a fair coin so that the probability that
all parties have the same coin is maximized. The functions may be thought
of as an error correcting procedure for the source .
When no error correction is possible, as the optimal protocol is
given by . On the other hand, for large values of , better
protocols exist. We study general properties of the optimal protocols and the
asymptotic behavior of the problem with respect to , and \eps. Our
analysis uses tools from probability, discrete Fourier analysis, convexity and
discrete symmetrization.
Multi-party Poisoning through Generalized -Tampering
In a poisoning attack against a learning algorithm, an adversary tampers with
a fraction of the training data with the goal of increasing the
classification error of the constructed hypothesis/model over the final test
distribution. In the distributed setting, might be gathered gradually from
data providers who generate and submit their shares of
in an online way.
In this work, we initiate a formal study of -poisoning attacks in
which an adversary controls of the parties, and even for each
corrupted party , the adversary submits some poisoned data on
behalf of that is still "-close" to the correct data (e.g.,
fraction of is still honestly generated). For , this model
becomes the traditional notion of poisoning, and for it coincides with
the standard notion of corruption in multi-party computation.
We prove that if there is an initial constant error for the generated
hypothesis , there is always a -poisoning attacker who can decrease
the confidence of (to have a small error), or alternatively increase the
error of , by . Our attacks can be implemented in
polynomial time given samples from the correct data, and they use no wrong
labels if the original distributions are not noisy.
At a technical level, we prove a general lemma about biasing bounded
functions through an attack model in which each
block might be controlled by an adversary with marginal probability
in an online way. When the probabilities are independent, this coincides with
the model of -tampering attacks, thus we call our model generalized
-tampering. We prove the power of such attacks by incorporating ideas from
the context of coin-flipping attacks into the -tampering model and
generalize the results in both of these areas.