Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mental Poker The SRA Protocol. What is Mental Poker? Playing poker without cards (ie over telephone or internet). No Trusted Third Party or source of.

Published byBailey Giffin Modified over 9 years ago

Similar presentations

Presentation on theme: "Mental Poker The SRA Protocol. What is Mental Poker? Playing poker without cards (ie over telephone or internet). No Trusted Third Party or source of."— Presentation transcript:

1 Mental Poker The SRA Protocol

2 What is Mental Poker? Playing poker without cards (ie over telephone or internet). No Trusted Third Party or source of randomness. We assume 2 players, 52 cards. Five cards are dealt then one round of betting then all cards shown.

3 Desired Characteristics Players have disjoint hands. Any player can have any possible hand. No player can discover another players hand. Any collusion has minimal effect.

4 The SRA protocol Invented by Shamir, Rivest and Adleman in 1979. Relies on a commutative encryption scheme ie E A (E B (M)) = E B (E A (M)) Two players Alice and Bob together choose a large prime number n, then Alice chooses her key A s.t. gcd(A,n-1) = 1 and Bob chooses B similarly.

5 SRA cont… Encode the 52 cards as integers. Encryption E A (M) = M A (mod n) Decryption D A (M) = M inv(A) (mod n) Bob permutes the cards to x 1,x 2,…,x 52 encrypts them then sends to Alice E B (x i ). Alice chooses 5 cards for herself, encrypts them and sends to Bob E A (E B (x i )). Also chooses 5 cards for Bob and sends them to him (without encrypting) E B (x i ).

6 SRA cont… Bob can now decrypt his cards to see his hand D B (E B (x i ) = x i. He also decrypts Alice’s cards then sends them back to her. Here is where we need commutativity so D B (E A (E B (x i ))) = E A (x i ) Alice receives her cards and decrypt them seeing her hand D A (E A (x i )) = x i.

7 Naive Analysis When Alice receives the shuffled, encrypted cards she cannot tell which is which so picks randomly ie cannot see Bob’s hand. When Bob receives Alice’s double encrypted hand he cannot read it even when he partially decrypts it. But is there information leaked by the encryption process? Yes! Quadratic Residues.

8 Quadratic Residues An integer a, not divisible by an odd prime p, is a quadratic residue modulo p if there is a b in {1,2,…,p-1} s.t. a = b 2 (mod p). Otherwise a is a quadratic nonresidue. So for p = 11, 1=1 2, 3=5 2, 4=2 2, 5=4 2, 9=3 2 are the quadratic residues and 2,6,7,8,10 are the quadratic nonresidues. This works in general. For a prime p there are (p-1)/2 of both residues and nonresidues.

9 Cheating at Mental Poker In 1981 R. Lipton showed for odd k, x k is a quadratic residue mod p iff x is a quadratic residue mod p. So the cards whose representations are quadratic residues are still quadratic residues when they are encrypted. This allows Alice to find the cards that are residues and nonresidues, for the particular p used, and then choose (on average) high cards for herself and low cards for Bob.

10 Dealing with cheating The easiest way to prevent the attack we have discussed is to only represent cards with quadratic residues. However other, more general attacks have been shown to be effective so SRA is not a good protocol. Other protocols for the Mental Poker problem have been considered with the most successful ones using probabilistic encryption and zero knowledge proof. Crepeau solved the problem in 1987 although his protocol is not computationally feasible. Research still goes on.

Download ppt "Mental Poker The SRA Protocol. What is Mental Poker? Playing poker without cards (ie over telephone or internet). No Trusted Third Party or source of."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Public Key Cryptosystem

Public Key Cryptosystem
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.

1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.
SECURITY AND VERIFICATION Lecture 1: Why to prove cryptography? The origins of provable cryptography Tamara Rezk INDES TEAM, INRIA January 3 rd, 2012.

SECURITY AND VERIFICATION Lecture 1: Why to prove cryptography? The origins of provable cryptography Tamara Rezk INDES TEAM, INRIA January 3 rd, 2012.
Dolev-Yao For distributed systems and networks, we often should assume that there are adversaries Everywhere in the network Adversary may: eavesdrop, manipulate,

Dolev-Yao For distributed systems and networks, we often should assume that there are adversaries Everywhere in the network Adversary may: eavesdrop, manipulate,
Primality Testing By Ho, Ching Hei Cheung, Wai Kwok.

Primality Testing By Ho, Ching Hei Cheung, Wai Kwok.
Protocols to do seemingly impossible 1 CHAPTER 10: Protocols to do seemingly impossible A protocol is an algorithm two (or more) parties have to follow.

Protocols to do seemingly impossible 1 CHAPTER 10: Protocols to do seemingly impossible A protocol is an algorithm two (or more) parties have to follow.
7. Asymmetric encryption-

7. Asymmetric encryption-
Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.

Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
and Factoring Integers (I)

and Factoring Integers (I)
Secure Poker Post PC project 2002. Motivation Games have been pushing computer industry Many people carry gadgets, but hardly a pack of cards. (even during.

Secure Poker Post PC project Motivation Games have been pushing computer industry Many people carry gadgets, but hardly a pack of cards. (even during.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
RSA Exponentiation cipher

RSA Exponentiation cipher
Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.

Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.
CS470, A.SelcukRSA1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukRSA1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Similar presentations

Ads by Google