Protocols for tossing a common coin play a key role in the vast majority of implementations of consensus. Even though the common coins in the literature are usually \emph{fair} (they have equal chance of landing heads or tails), we focus on the problem of implementing a \emph{biased} common coin such that the probability of landing heads is $p \in [0,1]$. Even though biased common coins can be implemented using fair common coins, we show that this can require significant inter-party communication. In fact, we show that there is no bound on the number of messages needed to generate a common coin of bias $p$ in a way that tolerates even one malicious agent, even if we restrict $p$ to an arbitrary infinite subset of $[0,1]$ (e.g., rational numbers of the form $1/2^n$) and assume that the system is synchronous. By way of contrast, if we do not require the protocol to tolerate a faulty agent, we can do this. Thus, the cause of the message complexity is the requirement of fault tolerance.

翻译：公共硬币抛掷协议在绝大多数共识实现中起着关键作用。尽管文献中的公共硬币通常是\emph{公平的}（正面或反面朝上的概率相等），但我们重点关注实现一个\emph{有偏的}公共硬币问题，使得正面朝上的概率为$p \in [0,1]$。虽然可以使用公平公共硬币来实现有偏公共硬币，但我们表明这可能需要大量方间通信。事实上，我们证明，在容忍至少一个恶意代理的情况下，生成偏置为$p$的公共硬币所需的消息数量没有上界，即使将$p$限制在$[0,1]$的任意无限子集（例如形如$1/2^n$的有理数）且假设系统是同步的。相比之下，如果协议不需要容忍故障代理，则可以实现这一点。因此，消息复杂性的根源在于容错性要求。