Scribd
Upload
5 views9 pages

Technical Paper Presentation

The document discusses the fairness problem in distributed coin flipping and secure multi-party computation, highlighting how Alice can gain an unfair advantage by knowing the outcome of a coin toss before Bob. It introduces a novel solution leveraging Bitcoin's infrastructure to provide fairness without the need for a trusted third party, using its audit log and scripting capabilities. This approach suggests a transformative potential for secure computations in distributed settings.

Uploaded by

annahegde552
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views9 pages

Technical Paper Presentation

The document discusses the fairness problem in distributed coin flipping and secure multi-party computation, highlighting how Alice can gain an unfair advantage by knowing the outcome of a coin toss before Bob. It introduces a novel solution leveraging Bitcoin's infrastructure to provide fairness without the need for a trusted third party, using its audit log and scripting capabilities. This approach suggests a transformative potential for secure computations in distributed settings.

Uploaded by

annahegde552
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

DOI:10.

1145/ 2 8 9 8 42 9

Technical Perspective
To view the accompanying paper,
visit doi.acm.org/10.1145/2896386 rh

Fairness and
the Coin Flip
By David Wagner

ALICE AND BOB have a pleasant dinner to- Unfortunately, this scheme has provides an audit log of transactions,
gether, and want to randomly choose one shortcoming. Alice learns the and it allows transactions to contain
who will have to wash the dishes after- outcome of the coin toss before Bob scripts—programs that determine
ward. How can they fairly choose? One does. If Alice is dishonest or a poor whether the transaction will happen.
time-honored method is for Alice to flip loser, she can gain an unfair advan- The authors use this aspect of Bitcoin
a coin (hiding it from Bob). Bob calls tage. After Bob sends his guess, Alice to achieve fairness: scripts imple-
his guess, and then Alice can reveal the knows whether she won or lost; if she ment the functionality that would
coin, revealing who is stuck washing won, she can continue to reveal the otherwise need to be provided by a
dishes. Both can verify for themselves coin toss outcome and claim her win- trusted third-party escrow service.
whether the procedure was fair. nings, but if she lost, she can refuse More broadly, distributed coin
What if Alice and Bob are on op- to continue the protocol, break the flipping is not the only task we
posite sides of the globe, able to com- connection with Bob, and if necessary might want to perform in a distrib-
municate only via the Internet? Over claim her computer crashed. This uted world. Decades ago, cryptogra-
three decades ago, cryptographers way, a dishonest Alice can ensure ei- phers studied the general problem
designed a clever scheme for solving ther she wins or no one does, which of multi-party secure computation,
this coin-tossing problem: roughly, is unfair to Bob. This is known as the where Alice and Bob want to joint-
Alice flips a coin and sends Bob a fairness problem. ly perform some computation on
cryptographic hash of the outcome; In some applications, unfairness their data, but without revealing
Bob sends Alice his guess; and then can be tolerated, for instance, if there their own data to each other. Coin
Alice can reveal the coin toss out- is a way to punish cheaters or if the flipping is just one instance of this
come, allowing both Alice and Bob parties must place a deposit with a paradigm. Cryptographers have
to verify who won and who lost. This trusted escrow service before begin- shown a very strong result: essen-
protocol is useful in distributed set- ning the coin-flip process. In others, tially every task of this form can be
tings where multiple parties who do though, this is a serious problem. done securely. However, again these
not trust each other want to jointly Researchers have explored various protocols suffer from an unavoid-
generate random values that no one methods for providing fairness, but able fairness problem: one party
can influence or bias. none are fully satisfactory. More- learns the result of the computation
over, there are negative results: in before the other, and can terminate
a general setting where there is no the protocol early and prevent the
The following trusted third party for dispute reso- other from learning the output. One
lution, the fairness problem appears especially exciting aspect of this pa-
paper introduces to be unsolvable. The general view per is that it suggests a direction for
an exciting new seemed to be that this is simply an achieving fairness for general multi-
unavoidable problem. party secure computation, if the par-
idea for how to The following paper introduces an ties are willing to use Bitcoin. Who
provide fairness: exciting new idea for how to provide would have predicted Bitcoin could
fairness: leverage Bitcoin’s existing have such implications for secure
leverage infrastructure for distributed con- distributed computation?
Bitcoin’s existing sensus. Bitcoin is a sophisticated dis-
tributed system that was designed to
infrastructure
David Wagner is a professor of computer science at the
University of California, Berkeley.
resist manipulation even by sophisti-
for distributed cated, well-resourced attackers. The
authors illustrate how we can build
consensus. cryptographic protocols whose secu-
rity rests on the foundation provided
by Bitcoin: breaking the cryptograph-
ic protocol would require breaking
Bitcoin, something that is believed to
be difficult to do.
The paper exploits a fascinating
feature of Bitcoin technology. Bitcoin Copyright held by author.

A P R I L 2 0 1 6 | VO L. 59 | N O. 4 | C OM M U N IC AT ION S OF T HE ACM 75
Technical Perspective:
Fairness and the Coin Flip
By David Wagner, UC Berkeley

by HARSHIT SINGH
Classic Coin Flip Fairness
Traditional Method
Alice flips a coin; Bob guesses; outcome reveals who washes dishes.

Verification
Both can verify fairness by revealing the coin outcome.
Remote Coin Flip Challenge
Internet Coin Toss Bob's Guess
Alice sends cryptographic hash Bob sends his guess back to
of coin toss to Bob. Alice.

Reveal Outcome
Alice reveals toss outcome for verification.
The Fairness Problem
Dishonest Alice Unfair Advantage
Alice learns outcome first She either wins or no one
and can cheat by aborting if does, unfair to Bob.
she loses.

Unsolvable in General
Without trusted third party, fairness seems impossible.
Bitcoin as a Fairness Solution
Distributed Consensus Audit Log & Scripts

Bitcoin9s infrastructure resists manipulation by attackers. Bitcoin transactions include scripts acting like escrow services.
Extending Fairness Beyond
Coin Flips
Secure Computation Fairness Challenge
Alice and Bob compute One party learns results first
jointly without revealing and can abort early.
private data.

Bitcoin9s Potential
Offers a new direction for fairness in multi-party computations.
Implications of Bitcoin for
Security
Strong Security Foundation
Breaking protocol requires breaking Bitcoin, which is very hard.

Trusted Escrow Replacement


Scripts replace need for trusted third-party escrow services.
Summary and Outlook
Fairness Problem Bitcoin Innovation
Longstanding challenge in Leverages blockchain to
distributed coin flipping and enable fairness without
computation. trusted third parties.

Future Directions
Potential to transform secure multi-party computations globally.

You might also like