Subcubic Coin Tossing in Asynchrony without Setup

TL;DR

This paper introduces new setup-free asynchronous coin-tossing protocols that achieve high fault tolerance with subcubic communication complexity, enabling more efficient Byzantine agreement.

Contribution

It presents the first setup-free, cryptographically secure coin-tossing protocols with subcubic communication complexity that tolerate near-linear Byzantine faults.

Findings

Achieves setup-free cryptographically secure binary coins tolerating up to (1/4 - ε)n faults.

Provides setup-free coins with o(n^3) communication cost against Θ(n) faults.

Enables setup-free asynchronous Byzantine agreement with improved efficiency.

Abstract

We consider an asynchronous network of $n$ parties connected to each other via secure channels, up to $t$ of which are byzantine. We study common coin tossing, a task where the parties try to agree on an unpredictable random value, with some chance of failure due to the byzantine parties' influence. Coin tossing is a well known and often studied task due to its use in byzantine agreement. In this work, we present an adaptively secure committee-based method to roughly speaking turn strong but costly common coins into cheaper but lower-quality ones. For all $k > 2$ and $\varepsilon > 0$, we show how to use a strong (very rarely failing) coin that costs $\widetilde{O}(n^k)$ bits of communication to get a cheaper coin that costs $\widetilde{O}(\varepsilon^{-2k}n^{3 - 2/k})$ bits of communication. This latter coin tolerates $\varepsilon n$ fewer byzantine parties than the former, and it fails with an arbitrarily small constant probability. For any $\varepsilon > 0$, our method allows us to get a perfectly secure binary coin that tolerates $t \leq (\frac{1}{4} - \varepsilon)n$ faults with $O(n^{2.5}(\varepsilon^{-8} + \log n))$ messages of size $O(\log n)$, as well as a setup-free cryptographically secure binary coin that tolerates $t \leq (\frac{1}{3} - \varepsilon)n$ faults with $O(n^{7/3}\varepsilon^{-6}\kappa\log n)$ bits of communication (where $\kappa = \Omega(\log n)$ is a cryptographic security paramater). These coins both have $O(\log n)$ latency. They are to our knowledge the first setup-free coins that cost $o(n^3)$ bits of communication but still succeed with at least constant probability against $t = \Theta(n)$ adaptive byzantine faults. As such, they for the first time enable setup-free (and even perfectly secure) asynchronous byzantine agreement with $o(n^3)$ communication against $\Theta(n)$ adaptive byzantine faults.