Bounding the Communication Complexity of Fault-Tolerant Common Coin Tossing

Abstract: Protocols for tossing a common coin play a key role in the vast majority of implementations of consensus. Even though the common coins in the literature are usually \emph{fair} (they have equal chance of landing heads or tails), we focus on the problem of implementing a \emph{biased} common coin such that the probability of landing heads is $p \in [0,1]$. Even though biased common coins can be implemented using fair common coins, we show that this can require significant inter-party communication. In fact, we show that there is no bound on the number of messages needed to generate a common coin of bias $p$ in a way that tolerates even one malicious agent, even if we restrict $p$ to an arbitrary infinite subset of $[0,1]$ (e.g., rational numbers of the form $1/2^n$) and assume that the system is synchronous. By way of contrast, if we do not require the protocol to tolerate a faulty agent, we can do this. Thus, the cause of the message complexity is the requirement of fault tolerance.