Combinatorica (IF 1.1), Pub Date: 2020-11-30, DOI: 10.1007/s00493-020-4147-4. Yael Tauman Kalai, Ilan Komargodski, Ran Raz
In 1985, Ben-Or and Linial (Advances in Computing Research 1989) introduced the collective coin flipping problem, where n parties communicate via a single broadcast channel and wish to generate a common random bit in the presence of adaptive Byzantine corruptions. In this model, the adversary can decide to corrupt a party in the course of the protocol as a function of the messages seen so far. They showed that the majority protocol, in which each player sends a random bit and the output is the majority value, tolerates O(√n) adaptive corruptions. They conjectured that this is optimal for such adversaries.
We prove that the majority protocol is optimal (up to a poly-logarithmic factor) among all protocols in which each party sends a single, possibly long, message.
Previously, such a lower bound was known for protocols in which parties are allowed to send only a single bit (Lichtenstein, Linial, and Saks, Combinatorica 1989), or for symmetric protocols (Goldwasser, Kalai, and Park, ICALP 2015).
A Lower Bound for Adaptively-Secure Collective Coin Flipping Protocols
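The √n scale in the abstract can be checked numerically. The following is an added illustration, not code from the paper: it computes exactly how far the majority protocol's output is pushed when t parties always send 1. It assumes static corruptions fixed in advance (weaker than the adaptive adversary the abstract considers), odd n, and hypothetical function names.

```python
def prob_output_one(n: int, t: int) -> float:
    """Exact Pr[majority = 1] when t of n parties always send 1 and the
    other n - t send independent uniform bits (n odd, so no ties)."""
    assert n % 2 == 1 and 0 <= t <= n
    honest = n - t
    need = max(0, (n + 1) // 2 - t)   # ones still required from honest parties
    coeff, favourable = 1, 0          # coeff tracks C(honest, k)
    for k in range(honest + 1):
        if k >= need:
            favourable += coeff
        coeff = coeff * (honest - k) // (k + 1)
    return favourable / 2 ** honest


def min_budget(n: int, target: float = 0.99) -> int:
    """Smallest t with Pr[majority = 1] >= target. Binary search is valid
    because the probability is non-decreasing in t."""
    lo, hi = 0, n
    while lo < hi:
        mid = (lo + hi) // 2
        if prob_output_one(n, mid) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    # The ratio t / sqrt(n) stays roughly constant as n grows, so the budget
    # needed to almost fix the coin scales like sqrt(n), not like n.
    for n in (101, 1001, 10001):
        t = min_budget(n)
        print(f"n={n:>6}  t={t:>4}  t/sqrt(n)={t / n ** 0.5:.2f}")
```

A budget well below √n moves the output probability only slightly from 1/2, while a small constant multiple of √n nearly fixes it.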