Communication efficient shuffle for mental poker protocols

Mental poker protocols are considered computationally and communication-intensive. A secure and fast mental poker protocol was proposed by Wang and Wei (2009) [26]. Its communication cost (the total length of the messages) can be considered feasible, but is still relatively expensive for networks with lower bandwidth. A shuffle requires 64 MB of data transmission in a typical setting (9 players, 52 cards, 1024-bit keys, and security parameter L=100). The most communication-intensive part of Wang and Wei's protocol is the shuffle verification protocol SV. In this paper, we propose a new method to verify the integrity of the shuffle, NewSV, which can be used as a drop-in replacement for SV. NewSV is slower than SV, but it greatly reduces the communication cost. With the same settings, using NewSV instead of SV saves 70% of the communication cost: a shuffle requires only 20 MB of data transmission for L=100. The computational overhead is 7-2% for security parameter L=30-100. This technique can be applied to a similar mental poker protocol proposed by Castella-Roca (2004) [7]. Castella-Roca's shuffle requires 154 MB of data transmission for L=100. With NewSV, the communication cost is reduced by 87%, so that only 20 MB of data transmission is required. The computational overhead is also 7-2% for L=30-100.

[1] Moni Naor, et al. Number-theoretic constructions of efficient pseudo-random functions, 2004, JACM.

[2] J. Roca. Contributions to mental poker, 2006.

[3] Ronald Cramer, et al. Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack, 2003, SIAM J. Comput.

[4] Jacques Stern, et al. An Efficient Pseudo-Random Generator Provably as Secure as Syndrome Decoding, 1996, EUROCRYPT.

[5] Ivan Damgård, et al. Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions, 2000, Public Key Cryptography.

[6] Daniel Augot, et al. A Family of Fast Syndrome Based Cryptographic Hash Functions, 2005, Mycrypt.

[7] Oded Goldreich, et al. How to construct constant-round zero-knowledge proof systems for NP, 1996, Journal of Cryptology.

[8] Emmanuel Bresson, et al. A Generalization of DDH with Applications to Protocol Analysis and Computational Soundness, 2007, CRYPTO.

[9] Oded Goldreich, et al. Definitions and properties of zero-knowledge proof systems, 1994, Journal of Cryptology.

[10] Yehuda Lindell, et al. Lower bounds for non-black-box zero knowledge, 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings.

[11] Philippe Golle, et al. Dealing cards in poker games, 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[12] Oded Goldreich, et al. Zero-Knowledge twenty years after its invention, 2002, Electron. Colloquium Comput. Complex.

[13] Josep Domingo-Ferrer, et al. Dropout-Tolerant TTP-Free Mental Poker, 2005, TrustBus.

[14] Dan Boneh, et al. The Decision Diffie-Hellman Problem, 1998, ANTS.

[15] Robert H. Deng, et al. Variations of Diffie-Hellman Problem, 2003, ICICS.

[16] Claude Crépeau, et al. A Zero-Knowledge Poker Protocol That Achieves Confidentiality of the Players' Strategy or How to Achieve an Electronic Poker Face, 1986, CRYPTO.

[17] Silvio Micali, et al. Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing, 1996, CRYPTO.

[18] Ron Steinfeld, et al. VSH, an Efficient and Provable Collision Resistant Hash Function, 2006, IACR Cryptol. ePrint Arch.

[19] Leonid A. Levin, et al. A hard-core predicate for all one-way functions, 1989, STOC '89.

[20] Nigel P. Smart, et al. Mental Poker Revisited, 2003, IMACC.

[21] Kaoru Kurosawa, et al. General Public Key Residue Cryptosystems and Mental Poker Protocols, 1991, EUROCRYPT.