International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: On the (Im-)Possibility of Extending Coin Toss

Dennis Hofheinz
Jörn Müller-Quade
Dominique Unruh
Search ePrint
Search Google
Abstract: We consider the cryptographic two-party protocol task of extending a given coin toss. The goal is to generate n common random coins from a single use of an ideal functionality which gives m<n common random coins to the parties. In the framework of Universal Composability we show the impossibility of securely extending a coin toss for statistical and perfect security. On the other hand, for computational security the existence of a protocol for coin toss extension depends on the number m of random coins which can be obtained "for free". For the case of stand-alone security, i.e., a simulation based security definition without an environment, we present a novel protocol for unconditionally secure coin toss extension. The new protocol works for superlogarithmic m, which is optimal as we show the impossibility of statistically secure coin toss extension for smaller m. Combining our results with already known results, we obtain a (nearly) complete characterization under which circumstances coin toss extension is possible.
  title={On the (Im-)Possibility of Extending Coin Toss},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / coin toss, universal composability, reactive simulatability, cryptographic protocols},
  note={This is the full version of the paper presented at Eurocrypt 2006 13294 received 26 May 2006},
  author={Dennis Hofheinz and Jörn Müller-Quade and Dominique Unruh},