Protocols for tossing a common coin play a key role in the vast majority of implementations of consensus. Even though the common coins in the literature are usually \emph{fair} (they have equal chance of landing heads or tails), we focus on the problem of implementing a \emph{biased} common coin such that the probability of landing heads is $p \in [0,1]$. Even though biased common coins can be implemented using fair common coins, we show that this can require significant inter-party communication. In fact, we show that there is no bound on the number of messages needed to generate a common coin of bias $p$ in a way that tolerates even one malicious agent, even if we restrict $p$ to an arbitrary infinite subset of $[0,1]$ (e.g., rational numbers of the form $1/2^n$) and assume that the system is synchronous. By way of contrast, if we do not require the protocol to tolerate a faulty agent, we can do this. Thus, the cause of the message complexity is the requirement of fault tolerance.

翻译：在绝大多数共识协议实现中，共同抛硬币协议扮演着关键角色。尽管文献中的共同硬币通常是公平的（即正面和反面概率相等），但我们关注的是实现有偏共同硬币的问题，即正面概率为$p \in [0,1]$。虽然可以通过公平共同硬币实现有偏共同硬币，但我们证明这可能导致显著的协议间通信开销。事实上，我们证明：即使将$p$限制在$[0,1]$的任意无穷子集（例如形如$1/2^n$的有理数）且系统保持同步，也无法在容忍任意恶意节点的情况下，给出产生偏差为$p$的共同硬币所需消息数的上界。相比之下，若协议不需要容错，则可实现有界通信复杂度。因此，容错性要求是导致消息复杂度的根本原因。