Coin flipping by telephone a protocol for solving impossible problems

@inproceedings{Blum1983CoinFB,
  title={Coin flipping by telephone a protocol for solving impossible problems},
  author={M. Blum},
  booktitle={SIGA},
  year={1983}
}
  • M. Blum
  • Published in SIGA 1983
  • Computer Science
Alice and Bob want to flip a coin by telephone. (They have just divorced, live in different cities, want to decide who gets the car.) Bob would not like to tell Alice HEADS and hear Alice (at the other end of the line) say "Here goes . . . I'm flipping the coin. . . . You lost!"Coin-flipping in the SPECIAL way done here has a serious purpose. Indeed, it should prove an INDISPENSABLE TOOL of the protocol designer. Whenever a protocol requires one of two adversaries, say Alice, to pick a sequence… Expand

Topics from this paper

Abuses in Cryptography and How to Fight Them
TLDR
This paper demonstrates how several modern crypto-systems can be abused and generalizes [Sim83b]'s subliminal channel and [DGB87]'s abuse of the [FFS87, FS86] identification systems and demonstrates how one can prevent abuses of cryptosystems. Expand
A Fair Loss‐Tolerant Quantum Coin Flipping Protocol
Coin flipping is a cryptographic primitive in which two spatially separated players, who in principle do not trust each other, wish to agree on a random bit. Classical and quantum coin flippingExpand
Experimental loss-tolerant quantum coin flipping
TLDR
This work reports on the first experimental demonstration of a quantum coin-flipping protocol for which loss cannot be exploited to cheat better, and takes a significant step towards real-world applications of quantum communication. Expand
Fair Loss-Tolerant Quantum Coin Flipping
Coin flipping is a cryptographic primitive in which two spatially separated players, who do not trust each other, wish to establish a common random bit. If we limit ourselves to classicalExpand
Loss-Tolerant Quantum Coin Flipping
TLDR
A novel quantum protocol is introduced and it is proved its unconditional security even when such losses are taken into account. Expand
Flipping coins in many pockets (Byzantine agreement on uniformly random values)
TLDR
It is shown that no (probabilistic) protocol can achieve agreement on a fair coin in fewer phases then necessary for Byzantine agreement, and hence the "pre-dealt" nature of the random sequence required for Rabin's algorithm is crucial. Expand
An Optimally Fair Coin Toss
TLDR
This paper establishes the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols and shows that Cleve’s lower bound is tight. Expand
Protocols for Multiparty Coin Toss with a Dishonest Majority
TLDR
An r-round m-party coin-tossing protocol with an optimal bias of O(1/r) is presented, which achieves the same bias even when the number of parties m is non-constant and theNumber of corrupted parties is m/2+O(1). Expand
Quantum bit escrow
Uncondit ionally secure bit commi tmen t and coin flipping are known to be impossible in the classical world. Bit commitment is known to be impossible also in the quan tum world. We introduce aExpand
Protocols for Multiparty Coin Toss with Dishonest Majority
TLDR
This work presents an r-round m-party coin-tossing protocol with optimal bias of O(1/r), and extends Moran et al. results to the multiparty model when less than 2/3 of the parties are malicious. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 14 REFERENCES
How to exchange (secret) keys
TLDR
A protocol is presented whereby two adversaries may exchange secrets, although neither trusts the other, and it is shown how each of the two can prove, for each bit delivered, that the bit is good. Expand
A method for obtaining digital signatures and public-key cryptosystems
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two importantExpand
A method for obtaining digital signatures and public-key cryptosystems
TLDR
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key, soriers or other secure means are not needed to transmit keys. Expand
Probabilistic algorithm for testing primality
Abstract We present a practical probabilistic algorithm for testing large numbers of arbitrary form for primality. The algorithm has the feature that when it determines a number composite then theExpand
A Fast Monte-Carlo Test for Primality
TLDR
A uniform distribution a from a uniform distribution on the set 1, 2, 3, 4, 5 is a random number and if a and n are relatively prime, compute the residue varepsilon. Expand
Riemann's Hypothesis and tests for primality
  • G. Miller
  • Computer Science, Mathematics
  • STOC
  • 1975
TLDR
It is shown that primality is testable in time a polynomial in the length of the binary representation of a number, and a partial solution is given to the relationship between the complexity of computing the prime factorization of a numbers, computing the Euler phi function, and computing other related functions. Expand
Privacy and authentication: An introduction to cryptography
TLDR
The basic information theoretic and computational properties of classical and modern cryptographic systems are presented, followed by cryptanalytic examination of several important systems and an examination of the application of cryptography to the security of timesharing systems and computer networks. Expand
Mental Poker
  • Mental Poker
  • 1981
The Complexity of Some Problems in N1~ber Theory Lecture Notes available from author
  • The Complexity of Some Problems in N1~ber Theory Lecture Notes available from author
  • 1978
Coin-Flipping into a Well
  • Coin-Flipping into a Well
...
1
2
...