The mixing time of the Thorp shuffle

The Thorp shuffle is defined as follows. Cut the deck into two equal piles. Drop the first card from the left pile or the right pile according to the outcome of a fair coin flip; then drop from the other pile. Continue this way until both piles are empty. We show that the mixing time for the Thorp shuffle with $2^d$ cards is polynomial in $d$.Comment: 21 page

A Note on Quantum-Secure PRPs

We show how to construct pseudorandom permutations (PRPs) that remain secure even if the adversary can query the permutation on a quantum superposition of inputs. Such PRPs are called \emph{quantum-secure}. Our construction combines a quantum-secure pseudorandom \emph{function} together with constructions of \emph{classical} format preserving encryption. By combining known results, we obtain the first quantum-secure PRP in this model whose security relies only on the existence of one-way functions. Previously, to the best of the author\u27s knowledge, quantum security of PRPs had to be assumed, and there were no prior security reductions to simpler primitives, let alone one-way functions

Improved mixing time bounds for the Thorp shuffle and L-reversal chain

We prove a theorem that reduces bounding the mixing time of a card shuffle to verifying a condition that involves only pairs of cards, then we use it to obtain improved bounds for two previously studied models. E. Thorp introduced the following card shuffling model in 1973. Suppose the number of cards n is even. Cut the deck into two equal piles. Drop the first card from the left pile or from the right pile according to the outcome of a fair coin flip. Then drop from the other pile. Continue this way until both piles are empty. We obtain a mixing time bound of O(log^4 n). Previously, the best known bound was O(log^{29} n) and previous proofs were only valid for n a power of 2. We also analyze the following model, called the L-reversal chain, introduced by Durrett. There are n cards arrayed in a circle. Each step, an interval of cards of length at most L is chosen uniformly at random and its order is reversed. Durrett has conjectured that the mixing time is O(max(n, n^3/L^3) log n). We obtain a bound that is within a factor O(log^2 n) of this,the first bound within a poly log factor of the conjecture.Comment: 20 page

Обчислення оцінок стійкості шифрів, побудованих на методах перемішування карт

Кваліфікаційна робота містить: 79 стор., 4 рисунки, 39 джерел. Метою дипломної роботи є обчислення оцінок стійкості шифрів, побудованих на методах перемішування карт. Об’єктом дослідження є процес криптографіного перетворення інформації за допомогою шифрів, які використовують методи перемішування карт. Предметом дослідження є стійкість шифрів, які використовують методи перемішування карт. В роботі зроблено огляд класичних та сучасних підходів криптографіного перетворення інформації за допомогою шифрів, які використовують карткові перемішування. Узагальнено схему шифрування Mix-And-Cut та запропоновано новий шифр на основі Mix-And-Cut. Досліджені властивості такого шифру та обчислені оцінки стійкості. Також, у роботі запропонована нова атака на шифр Swap-Or-Not.The thesis contains: 79 pages, 4 figures, 39 sources. In this thesis, a detailed analysis was made of the calculation evaluation of ciphers based on the methods of cards shuffle. The object is the process of cryptographic conversion of information, using ciphers that based on card shuffle. The subject is the security of ciphers that use card shuffling methods. In this thesis, a detailed analysis was made of classical and modern approaches of cryptographic transformation of information, used ciphers that based on card shuffle. Generalized Mix-And-Cut cipher and introduced new cipher based on Mix-And-Cut. Reviewed properties of this cipher and calculated its security. Also, in this work proposed new attack on Swap-Or-Not cipher.Квалификационная робота содержит: 79 страницы, 4 рисунка, 39 источников. Целью дипломной работы является подсчет оценок стойкости шифров, что даст возможность качественно использовать структуру таких схем для криптографии. Объектом исследования является процесс криптографического преобразования информации с помощью шифров, которые используют карточные схемы подстановок. Предметом исследования является стойкость шифров, которые используют методы подстановок карт. В работе проведен обзор классических и современных подходов криптографического преобразования информации с помощью шифров, которые используют схемы подстановок карт. Обобщена схема шифрования Mix-And-Cut и предложен новый шифр на основе Mix-And-Cut. Исследованы свойства такого шифра и посчитаны оценки стойкости. В работе предложена новая атака на шифр Swap-Or-Not

Ruffle: Rapid 3-party shuffle protocols

Secure shuffle is an important primitive that finds use in several applications such as secure electronic voting, oblivious RAMs, secure sorting, to name a few. For time-sensitive shuffle-based applications that demand a fast response time, it is essential to design a fast and efficient shuffle protocol. In this work, we design secure and fast shuffle protocols relying on the techniques of secure multiparty computation. We make several design choices that aid in achieving highly efficient protocols. Specifically, we consider malicious 3-party computation setting with an honest majority and design robust ring-based protocols. Our shuffle protocols provide a fast online (i.e., input-dependent) phase compared to the state-of-the-art for the considered setting. To showcase the efficiency improvements brought in by our shuffle protocols, we consider two distinct applications of anonymous broadcast and secure graph computation via the GraphSC paradigm. In both cases, multiple shuffle invocations are required. Hence, going beyond standalone shuffle invocation, we identify two distinct scenarios of multiple invocations and provide customised protocols for the same. Further, we showcase that our customized protocols not only provide a fast response time, but also provide improved overall run time for multiple shuffle invocations. With respect to the applications, we not only improve in terms of efficiency, but also work towards providing improved security guarantees, thereby outperforming the respective state-of-the-art works. We benchmark our shuffle protocols and the considered applications to analyze the efficiency improvements with respect to various parameters

The mixing time of the Thorp shuffle

The Thorp shuffle is defined as follows. Cut the deck into two equal piles. Drop the first card from the left pile or the right pile according to the outcome of a fair coin flip; then drop from the other pile. Continue this way until both piles are empty. We show that the mixing time for the Thorp shuffle with $2^d$ cards is polynomial in $d$

Improved mixing time bounds for the Thorp shuffle

E. Thorp introduced the following card shuffling model. Suppose the number of cards $n$ is even. Cut the deck into two equal piles. Drop the first card from the left pile or from the right pile according to the outcome of a fair coin flip. Then drop from the other pile. Continue this way until both piles are empty. We show that if $n$ is a power of 2 then the mixing time of the Thorp shuffle is $O(\log^3 n)$. Previously, the best known bound was $O(\log^4 n)$