So now we'll assume that we do have such a function.
We'll assume that we have a function H
that acts like a random oracle
that provides the properties of an ideal cryptographic hash function.
Let's try our coin-tossing protocol again.
So, here's our new protocol design.
Alice will pick a number, 0 or 1,
representing heads or tails.
She'll compute m using our ideal cryptographic hash function--
the hash of x--and she'll send m to Bob.
Bob will make a guess, g,
and send that guess back to Alice.
Then Alice will send her claimed value of x back to Bob.
Bob can check if the hash of x equals m.
If that's not the case, then Bob suspects that Alice has cheated.
If x is equal to g, Bob wins.
So, do we like this protocol?
We'll assume that H is an ideal hash function.
So which one of the parties, if any--or both--can cheat
with this new protocol that we've defined?
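
The message flow of the protocol above, written out as an added example that is not part of the original lecture. It assumes SHA-256 over a one-byte encoding of x as a stand-in for the ideal hash H; the function names and the outcome labels are hypothetical.

```python
import hashlib
import hmac


def H(x: int) -> bytes:
    """Stand-in for the ideal hash H (assumption: SHA-256 of a one-byte x)."""
    if x not in (0, 1):
        raise ValueError("x must be 0 or 1")
    return hashlib.sha256(bytes([x])).digest()


def alice_commit(x: int) -> bytes:
    """Message 1, Alice -> Bob: m = H(x)."""
    return H(x)


def bob_verify(m: bytes, claimed_x: int) -> bool:
    """Bob's check on message 3: does H(claimed x) equal the m he received?"""
    try:
        return hmac.compare_digest(H(claimed_x), m)
    except ValueError:
        return False  # a claimed value outside {0, 1} can never match


def run_round(x: int, g: int, claimed_x=None) -> str:
    """Play one round. claimed_x lets the caller model Alice revealing a
    value other than the x she hashed; by default she reveals x itself."""
    m = alice_commit(x)                      # Alice -> Bob: m
    # Message 2, Bob -> Alice: g (Bob's guess)
    revealed = x if claimed_x is None else claimed_x  # Alice -> Bob: x
    if not bob_verify(m, revealed):
        return "alice-suspected"             # H(x) != m
    return "bob-wins" if revealed == g else "bob-loses"


if __name__ == "__main__":
    # Constructed sample rounds: (x, g, value Alice reveals)
    for x, g, claimed in [(1, 1, None), (1, 0, None), (1, 1, 0)]:
        print(f"x={x} g={g} revealed={x if claimed is None else claimed}"
              f" -> {run_round(x, g, claimed)}")
```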
