The Minimum Number of Cards in Practical Card-based Protocols

The elegant “five-card trick” of den Boer (EUROCRYPT 1989) allows two players to securely compute a logical AND of two private bits, using five playing cards of symbols $\heartsuit$ and $\clubsuit$. Since then, card-based protocols have been successfully put to use in classroom environments, vividly illustrating secure multiparty computation – and evoked research on the minimum number of cards needed for several functionalities. Securely computing arbitrary circuits needs protocols for negation, AND and bit copy in committed-format, where outputs are commitments again. Negation just swaps the bit\u27s cards, computing AND and copying a bit $n$ times can be done with six and $2n+2$ cards, respectively, using the simple protocols of Mizuki and Sone (FAW 2009). Koch, Walzer and Härtel (ASIACRYPT 2015) showed that five cards suffice for computing AND in finite runtime, albeit using relatively complex and unpractical shuffle operations. In this paper, we show that if we restrict shuffling to closed permutation sets, the six-card protocol is optimal in the finite-runtime setting. If we additionally assume a uniform distribution on the permutations in a shuffle, we show that restart-free four-card AND protocols are impossible. These shuffles are easy to perform even in an actively secure manner (Koch and Walzer, ePrint 2017). For copying bit commitments, the protocol of Nishimura et al. (ePrint 2017) needs only $2n+1$ cards, but performs a number of complex shuffling steps that is only finite in expectation. We show that it is impossible to go with less cards. If we require an a priori bound on the runtime, we show that the $(2n+2)$-card protocol is card-minimal

AND Protocols Using Only Uniform Shuffles

Secure multi-party computation using a deck of playing cards has been a subject of research since the "five-card trick" introduced by den Boer in 1989. One of the main problems in card-based cryptography is to design committed-format protocols to compute a Boolean AND operation subject to different runtime and shuffle restrictions by using as few cards as possible. In this paper, we introduce two AND protocols that use only uniform shuffles. The first one requires four cards and is a restart-free Las Vegas protocol with finite expected runtime. The second one requires five cards and always terminates in finite time.Comment: This paper has appeared at CSR 201

Anonymous credit cards and their collusion analysis

Communications networks are traditionally used to bring information together. They can also be used to keep information apart in order to protect personal privacy. A cryptographic protocol specifies a process by which some information is transferred among some users and hidden from others. We show how to implement anonymous credit cards using simple cryptographic protocols. We pose, and solve, a collusion problem which determines whether it is possible for a subset of users to discover information that is designed to be hidden from them during or after execution of the anonymous credit card protocol

A framework for analyzing RFID distance bounding protocols

Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unied framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is nally demonstrated on a study case: Munilla-Peinado distance bounding protocol

Application of High-precision Timing Systems to Distributed Survey Systems

In any hydrographic survey system that consists of more than one computer, one of the most difficult integration problems is to ensure that all components maintain a coherent sense of time. Since virtually all modern survey systems are of this type, timekeeping and synchronized timestamping of data as it is created is of significant concern. This paper describes a method for resolving this problem based on the IEEE 1588 Precise Time Protocol (PTP) implemented by hardware devices, layered with some custom software called the Software Grandmaster (SWGM) algorithm. This combination of hardware and software maintains a coherent sense of time between multiple ethernet-connected computers, on the order of 100 ns (rms) in the best case, of the timebase established by the local GPS-receiver clock. We illustrate the performance of this techniques in a practical survey system using a Reson 7P sonar processor connected to a Reson 7125 Multibeam Echosounder (MBES), integrated with an Applanix POS/MV 320 V4 and a conventional data capture computer. Using the timing capabilities of the PTP hardware implementations, we show that the timepieces achieve mean (hardware based) synchronization and timestamping within 100-150 ns (rms), and that the data created at the Reson 7P without hardware timestamps has a latency variability of 28 µs (rms) due to software constraints within the capture system. This compares to 288 ms (rms) using Reson’s standard hybrid hardware/software solution, and 13.6 ms (rms) using a conventional single-oscillator timestamping model