591 research outputs found

    Secure Grouping Protocol Using a Deck of Cards

    We consider a problem, which we call secure grouping, of dividing a number of parties into some subsets (groups) in the following manner: Each party has to know the other members of his/her group, while he/she may not know anything about how the remaining parties are divided (except for certain public predetermined constraints, such as the number of parties in each group). In this paper, we construct an information-theoretically secure protocol using a deck of physical cards to solve the problem, which is jointly executable by the parties themselves without a trusted third party. Despite the non-triviality and the potential usefulness of the secure grouping, our proposed protocol is fairly simple to describe and execute. Our protocol is based on algebraic properties of conjugate permutations. A key ingredient of our protocol is our new techniques to apply multiplication and inverse operations to hidden permutations (i.e., those encoded by using face-down cards), which would be of independent interest and would have various potential applications

    AND Protocols Using Only Uniform Shuffles

    Secure multi-party computation using a deck of playing cards has been a subject of research since the "five-card trick" introduced by den Boer in 1989. One of the main problems in card-based cryptography is to design committed-format protocols to compute a Boolean AND operation subject to different runtime and shuffle restrictions by using as few cards as possible. In this paper, we introduce two AND protocols that use only uniform shuffles. The first one requires four cards and is a restart-free Las Vegas protocol with finite expected runtime. The second one requires five cards and always terminates in finite time. Comment: This paper has appeared at CSR 201

    Card-Based Cryptography Meets Formal Verification

    Card-based cryptography provides simple and practicable protocols for performing secure multi-party computation (MPC) with just a deck of cards. For the sake of simplicity, this is often done using cards with only two symbols, e.g., ♣ and ♡. Within this paper, we target the setting where all cards carry distinct symbols, catering for use-cases with commonly available standard decks and a weaker indistinguishability assumption. As of yet, the literature provides for only three protocols and no proofs for non-trivial lower bounds on the number of cards. As such complex proofs (handling very large combinatorial state spaces) tend to be involved and error-prone, we propose using formal verification for finding protocols and proving lower bounds. In this paper, we employ the technique of software bounded model checking (SBMC), which reduces the problem to a bounded state space, which is automatically searched exhaustively using a SAT solver as a backend. Our contribution is twofold: (a) We identify two protocols for converting between different bit encodings with overlapping bases, and then show them to be card-minimal. This completes the picture of tight lower bounds on the number of cards with respect to runtime behavior and shuffle properties of conversion protocols. For computing AND, we show that there is no protocol with finite runtime using four cards with distinguishable symbols and fixed output encoding, and give a four-card protocol with an expected finite runtime using only random cuts. (b) We provide a general translation of proofs for lower bounds to a bounded model checking framework for automatically finding card- and length-minimal protocols and to give additional confidence in lower bounds. We apply this to validate our method and, as an example, confirm our new AND protocol to have a shortest run for protocols using this number of cards

    The Minimum Number of Cards in Practical Card-based Protocols

    The elegant “five-card trick” of den Boer (EUROCRYPT 1989) allows two players to securely compute a logical AND of two private bits, using five playing cards of symbols ♡ and ♣. Since then, card-based protocols have been successfully put to use in classroom environments, vividly illustrating secure multiparty computation – and evoked research on the minimum number of cards needed for several functionalities. Securely computing arbitrary circuits needs protocols for negation, AND and bit copy in committed-format, where outputs are commitments again. Negation just swaps the bit's cards, computing AND and copying a bit n times can be done with six and 2n+2 cards, respectively, using the simple protocols of Mizuki and Sone (FAW 2009). Koch, Walzer and Härtel (ASIACRYPT 2015) showed that five cards suffice for computing AND in finite runtime, albeit using relatively complex and unpractical shuffle operations. In this paper, we show that if we restrict shuffling to closed permutation sets, the six-card protocol is optimal in the finite-runtime setting. If we additionally assume a uniform distribution on the permutations in a shuffle, we show that restart-free four-card AND protocols are impossible. These shuffles are easy to perform even in an actively secure manner (Koch and Walzer, ePrint 2017). For copying bit commitments, the protocol of Nishimura et al. (ePrint 2017) needs only 2n+1 cards, but performs a number of complex shuffling steps that is only finite in expectation. We show that it is impossible to go with less cards. If we require an a priori bound on the runtime, we show that the (2n+2)-card protocol is card-minimal

    Mott gap excitations in twin-free YBa2Cu3O7-d (Tc = 93 K) studied by RIXS

    Mott gap excitations in the high-Tc superconductor of the optimal doped YBa2Cu3O7-d (Tc = 93 K) have been studied by the resonant inelastic x-ray scattering method. Anisotropic spectra in the ab-plane are observed in a twin-free crystal. The excitation from the one-dimensional CuO chain is enhanced at 2 eV near the zone boundary of the b* direction, while the excitation from the CuO2 plane is broad at 1.5-4 eV and almost independent of the momentum transfer. Theoretical calculation based on the one-dimensional and two-dimensional Hubbard model reproduces the observed spectra by taking the different parameters of the on-site Coulomb energy. The fact of the Mott gap of the CuO chain site is much smaller than that of CuO2 plane site is observed for the first time

    Momentum Dependence of Charge Excitations in the Electron-Doped Superconductor Nd1.85Ce0.15CuO4: a RIXS Study

    We report a resonant inelastic x-ray scattering (RIXS) study of charge excitations in the electron-doped high-Tc superconductor Nd1.85Ce0.15CuO4. The intraband and interband excitations across the Fermi energy are separated for the first time by tuning the experimental conditions properly to measure charge excitations at low energy. A dispersion relation with q-dependent width emerges clearly in the intraband excitation, while the intensity of the interband excitation is concentrated around 2 eV near the zone center. The experimental results are consistent with theoretical calculation of the RIXS spectra based on the Hubbard model

    Momentum Dependent Charge Excitations of Two-Leg Ladder: Resonant Inelastic X-ray Scattering of (La,Sr,Ca)14Cu24O41

    Momentum dependent charge excitations of a two-leg ladder are investigated by resonant inelastic x-ray scattering of (La,Sr,Ca)14Cu24O41. In contrast to the case of a square lattice, momentum dependence of the Mott gap excitation of the ladder exhibits little change upon hole-doping, indicating the formation of hole pairs. Theoretical calculation based on a Hubbard model qualitatively explains this feature. In addition, experimental data shows intraband excitation as continuum intensity below the Mott gap and it appears at all the momentum transfers simultaneously. The intensity of the intraband excitation is proportional to the hole concentration of the ladder, which is consistent with optical conductivity measurements. Comment: 7 page