AND Protocols Using Only Uniform Shuffles

Secure multi-party computation using a deck of playing cards has been a subject of research since the "five-card trick" introduced by den Boer in 1989. One of the main problems in card-based cryptography is to design committed-format protocols to compute a Boolean AND operation subject to different runtime and shuffle restrictions by using as few cards as possible. In this paper, we introduce two AND protocols that use only uniform shuffles. The first one requires four cards and is a restart-free Las Vegas protocol with finite expected runtime. The second one requires five cards and always terminates in finite time.Comment: This paper has appeared at CSR 201

Biased random-to-top shuffling

Recently Wilson [Ann. Appl. Probab. 14 (2004) 274--325] introduced an important new technique for lower bounding the mixing time of a Markov chain. In this paper we extend Wilson's technique to find lower bounds of the correct order for card shuffling Markov chains where at each time step a random card is picked and put at the top of the deck. Two classes of such shuffles are addressed, one where the probability that a given card is picked at a given time step depends on its identity, the so-called move-to-front scheme, and one where it depends on its position. For the move-to-front scheme, a test function that is a combination of several different eigenvectors of the transition matrix is used. A general method for finding and using such a test function, under a natural negative dependence condition, is introduced. It is shown that the correct order of the mixing time is given by the biased coupon collector's problem corresponding to the move-to-front scheme at hand. For the second class, a version of Wilson's technique for complex-valued eigenvalues/eigenvectors is used. Such variants were presented in [Random Walks and Geometry (2004) 515--532] and [Electron. Comm. Probab. 8 (2003) 77--85]. Here we present another such variant which seems to be the most natural one for this particular class of problems. To find the eigenvalues for the general case of the second class of problems is difficult, so we restrict attention to two special cases. In the first case the card that is moved to the top is picked uniformly at random from the bottom $k=k(n)=o(n)$ cards, and we find the lower bound $(n^3/(4\pi^2k(k-1)))\log n$. Via a coupling, an upper bound exceeding this by only a factor 4 is found. This generalizes Wilson's [Electron. Comm. Probab. 8 (2003) 77--85] result on the Rudvalis shuffle and Goel's [Ann. Appl. Probab. 16 (2006) 30--55] result on top-to-bottom shuffles. In the second case the card moved to the top is, with probability 1/2, the bottom card and with probability 1/2, the card at position $n-k$. Here the lower bound is again of order $(n^3/k^2)\log n$, but in this case this does not seem to be tight unless $k=O(1)$. What the correct order of mixing is in this case is an open question. We show that when $k=n/2$, it is at least $\Theta(n^2)$.Comment: Published at http://dx.doi.org/10.1214/10505160600000097 in the Annals of Applied Probability (http://www.imstat.org/aap/) by the Institute of Mathematical Statistics (http://www.imstat.org

Linear maps on k^I, and homomorphic images of infinite direct product algebras

Let k be an infinite field, I an infinite set, V a k-vector-space, and g:k^I\to V a k-linear map. It is shown that if dim_k(V) is not too large (under various hypotheses on card(k) and card(I), if it is finite, respectively countable, respectively < card(k)), then ker(g) must contain elements (u_i)_{i\in I} with all but finitely many components u_i nonzero. These results are used to prove that any homomorphism from a direct product \prod_I A_i of not-necessarily-associative algebras A_i onto an algebra B, where dim_k(B) is not too large (in the same senses) must factor through the projection of \prod_I A_i onto the product of finitely many of the A_i, modulo a map into the subalgebra \{b\in B | bB=Bb=\{0\}\}\subseteq B. Detailed consequences are noted in the case where the A_i are Lie algebras.Comment: 14 pages. Lemma 6 has been strengthened, with resulting strengthening of other results. Some typos etc. have been correcte