Card-based Cryptographic Protocols Using a Minimal Number of Cards

Size: px

Start display at page:

Download "Card-based Cryptographic Protocols Using a Minimal Number of Cards"

Liliana Banks
5 years ago
Views:

Card-based Cryptographic Protocols Using a Minimal Number of Cards ASIACRYPT 2015 Alexander Koch, Stefan Walzer, Kevin Härtel DEPARTMENT OF INFORMATICS, INSTITUTE OF THEORETICAL

1 Card-based Cryptographic Protocols Using a Minimal Number of Cards ASIACRYPT 2015 Alexander Koch, Stefan Walzer, Kevin Härtel DEPARTMENT OF INFORMATICS, INSTITUTE OF THEORETICAL INFORMATICS Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards KIT The Research University in the Helmholtz Association

2 Motivating Scenario I Calculating Mutual Interest with Playing Cards Secrets: Do I fancy him/her? To compute: Is there mutual interest? Secure 2-party AND without computers Trusted Computation Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

3 Motivating Scenario I Calculating Mutual Interest with Playing Cards Secrets: Do I fancy him/her? To compute: Is there mutual interest? Secure 2-party AND without computers Trusted Computation Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

4 Motivating Scenario I Calculating Mutual Interest with Playing Cards Secrets: Do I fancy him/her? To compute: Is there mutual interest? Secure 2-party AND without computers Trusted Computation Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

5 Motivating Scenario I Calculating Mutual Interest with Playing Cards Secrets: Do I fancy him/her? To compute: Is there mutual interest? Secure 2-party AND without computers Trusted Computation Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

6 Motivating Scenario II Explaining MPC to Non-Experts/Students You meet s.o. at a bar and want to explain MPC as an example from your work life Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

7 Motivating Scenario II Explaining MPC to Non-Experts/Students You meet s.o. at a bar and want to explain MPC as an example from your work life. Or to students in class Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

8 Motivating Scenario III You are a theoretician What is possible with unconventional computational models? MPC from indistinguishability of cards & correct shuffling cf. to physical assumptions like tamper-proofness of hardware } {{ } read vis. card seq. do action on cards finite state control Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

9 Setting and Goal Two types of indistinguishable cards: Heart and club with backside. Encode bits as ˆ= 0 ˆ= 1 Our goal ( committed format ) Take face-down input (bits a, b) Compute face-down output (a b) Learn nothing about the input or output during protocol run Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

10 Setting and Goal Two types of indistinguishable cards: Heart and club with backside. Encode bits as ˆ= 0 ˆ= 1 Curiosity: is perfectly hiding & binding Our goal ( committed format ) Take face-down input (bits a, b) Compute face-down output (a b) Learn nothing about the input or output during protocol run Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

11 Setting and Goal Two types of indistinguishable cards: Heart and club with backside. Encode bits as ˆ= 0 ˆ= 1 Curiosity: is perfectly hiding & binding Our goal ( committed format ) Take face-down input (bits a, b) Compute face-down output (a b) Learn nothing about the input or output during protocol run Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

12 A Simple Six-Card AND Protocol Mizuki and Sone [MS09] Observation: (a b) (if a then b else 0) The Protocol: }{{} a }{{}}{{} b 0 Turn first two cards result is cards 3, 4 }{{} ˆ= 1 result is cards 5, 6 }{{} ˆ= Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

13 A Simple Six-Card AND Protocol Mizuki and Sone [MS09] Observation: (a b) (if a then b else 0) (if a then 0 else b) The Protocol: }{{} a }{{}}{{} b 0 Turn first two cards result is cards 3, 4 }{{} ˆ= 1 result is cards 5, 6 }{{} ˆ= Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

14 A Simple Six-Card AND Protocol Mizuki and Sone [MS09] Observation: (a b) (if a then b else 0) (if a then 0 else b) The Protocol: }{{} a }{{}}{{} b 0 p = ½ }{{} a }{{}}{{} 0 b With probability 1 /2: Apply permutation (1 2)(3 5)(4 6). Turn first two cards result is cards 3, 4 }{{} ˆ= 1 result is cards 5, 6 }{{} ˆ= Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

15 A Simple Six-Card AND Protocol Mizuki and Sone [MS09] Observation: (a b) (if a then b else 0) (if a then 0 else b) The Protocol: }{{} a }{{}}{{} b 0 p = ½ }{{} a }{{}}{{} 0 b With probability 1 /2: Apply permutation (1 2)(3 5)(4 6). For privacy: each player once, without the other looking. Turn first two cards }{{} ˆ= 1 result is cards 3, 4 result is cards 5, 6 }{{} ˆ= Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

16 Demonstration of the Six-Card-Protocol Mizuki and Sone [MS09] Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

17 Demonstration of the Six-Card-Protocol Mizuki and Sone [MS09] Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

18 Demonstration of the Six-Card-Protocol Mizuki and Sone [MS09] id with p = 1 /2 π with p = 1 /2 (shuffle, {id, π = (1 2)(3 5)(4 6)}) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

19 Demonstration of the Six-Card-Protocol Mizuki and Sone [MS09] id with p = 1 /2 π with p = 1 /2 (shuffle, {id, π = (1 2)(3 5)(4 6)}) (turn, {1, 2}) (turn, {1, 2}) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

20 Can we do better than six cards? Open problem from [MS09; MS14; MKS12] Main Question: Can a b be computed with 4 cards? in committed format (in the model of Mizuki and Shizuya [MS14]) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

21 Can we do better than six cards? Open problem from [MS09; MS14; MKS12] Main Question: Can a b be computed with 4 cards? in committed format (in the model of Mizuki and Shizuya [MS14]) without committed output: [MKS12]: 4-card protocol without committed input and output: [MWS15]: 2- and 3-card protocols Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

22 Can we do better than six cards? Open problem from [MS09; MS14; MKS12] Main Question: Can a b be computed with 4 cards? in committed format (in the model of Mizuki and Shizuya [MS14]) Our Results 1 Yes, 4 cards suffice... 2 But 4-card protocols are necessarily Las Vegas (LV) no a priori bound on runtime method: analyze states of protocols 3 Yes, 5 cards suffice for finite-runtime protocols 4 LV protocol for k-ary functions using 2k cards 5 Note: Complex Shuffles needed Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

23 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

24 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

25 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

26 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

27 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

28 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

29 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X 01 (turn, {1, 2}) X 11 X 10 + X 00 X 01 (result, 3, 4) X 11 X 10 + X 00 X 01 (result, 5, 6) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

30 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X 01 (turn, {1, 2}) X 11 X 10 + X 00 X 01 (result, 3, 4) X 11 X 10 + X 00 X 01 (result, 5, 6) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

31 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X 01 (turn, {1, 2}) X 11 X 10 + X 00 X 01 (result, 3, 4) X 11 X 10 + X 00 X 01 (result, 5, 6) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

32 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X 01 (turn, {1, 2}) X 11 X 10 + X 00 X 01 (result, 3, 4) X 11 X 10 + X 00 X 01 (result, 5, 6) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

33 State Transitions: The Six-Card Protocol Protocol State: Annotate currently possible sequences with probability in terms of symbolic input prob. X ij = Pr[a = i, b = j] X 11 X 10 X 01 X 00 (shuffle, {id, (1 2)(3 5)(4 6)}) 1 /2X 11 1 /2X /2X 00 1 /2X 01 1 /2X /2X 10 1 /2X 11 1 /2X 01 (turn, {1, 2}) X 11 X 10 + X 00 X 01 (result, 3, 4) X 11 X 10 + X 00 X 01 (result, 5, 6) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

34 Impossibility Result Theorem There is no secure finite-runtime four-card AND protocol Proof Idea Each sequence belongs either to output 0 or to 1. An i j-state has i 0-sequences and j 1-sequences. Define non-reachable good states: not possible by turn/shuffle start state final states bad states Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards good states

35 Impossibility Result Theorem There is no secure finite-runtime four-card AND protocol Proof Idea Each start sequence type: 3 1 belongs either to output 0 or to 1. An i j-state has X 11 i 0-sequences and j 1-sequences. Define non-reachable X 10 good states: X 01 X 00 not possible by turn/shuffle start state final states bad states Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards good states

36 Impossibility Result Theorem There is no secure finite-runtime four-card AND protocol Proof Idea Each start sequence type: 3 1 belongs either to output 0 ore.g. to state: An i j-state has X i 0-sequences and j 1-sequences. X X 00 Define non-reachable X 10 good states: X 10 X 1 /2X X 1 /2X not possible by turn/shuffle start state final states bad states Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards good states

37 Proof Idea Single Card Turns Bad States Good States with const pos without const pos Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

38 Proof Idea Single Card Turns Bad States Good States with const pos without const pos 1 1 Observation 1. After turn: with const pos. and 3 sequences Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

39 Proof Idea Single Card Turns Bad States Good States with const pos without const pos 1 1 Observation 2. Turnable states are i j with i, j Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

40 Proof Idea Single Card Turns Bad States Good States with const pos without const pos 1 1 Observation 3. W.l.o.g. we need to consider half of the states Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

41 Proof Idea Single Card Turns Bad States Good States with const pos without const pos Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

42 Proof Idea Single Card Turns Bad States Good States with const pos without const pos Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

43 Proof Idea Shuffles Bad States Good States with const pos without const pos 1 1 Observation 1. Shuffles increase #sequences per type Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

44 Proof Idea Shuffles Bad States Good States with const pos without const pos 1 1 Observation 1. Shuffles increase #sequences per type Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

45 Proof Idea Shuffles Bad States Good States ? ? with const pos without const pos Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

46 Proof Idea Shuffles Bad States s 0 : s 0 : s 1 : Good States Apply (shuffle, Π, F) to this state. with const pos 1 1 Case 1: All π Π put constant column to same position. = the resulting state still has a constant column. without const pos Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

47 Proof Idea Shuffles Bad States p = ½ s 0 : s 0 : s 1 : 4 1 s 0 : s 1 : Good States with const pos without const pos Apply (shuffle, Π, F) to this state. 1 1 Case 2: There are π 1, π 2 Π putting the const. col. in different pos. = the resulting state has at least 5 sequences Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

48 Our Four-Card Protocol X 11 X 10 X 01 X 00 start state 1 /2X 11 1 /2X 11 1 /2X /2X 01 1 /2X /2X 01 (shuffle, {id, (1 3)(2 4), (2 3), ( )}) 1 /2X 00 1 /2X 00 (turn, {2}) X 11 X 10 + X 01 X 00 (shuffle, {id, (1 3)}) X 11 X 10 + X 01 X 00 (shuffle, {id, (3 4)}) X 1 /2X 0 (perm, ( )) 1 /2X 0 (shuffle, {id, (1 2)(3 4)}, F) F : id 1 /3, (1 2)(3 4) 2 /3 1 /3X 1 2 /3X 1 1 /6X 0 1 /3X 0 1 /2X 0 (turn, {4}) (perm, ( )) X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (1 3)(2 4)}, F) F : id 1 /3, (1 3)(2 4) 2 /3 1 /3X 1 2 /3X 1 1 /6X 0 1 /3X 0 1 /2X 0 (turn, {1}) X 1 X 0 (result, 1, 2) (shuffle, {id, (1 3)}) X 1 1 /4X 0 3 /4X 0 X 1 1 /2X 0 1 /2X 0 X 1 1 /4X 0 3 /4X 0 X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (3 4)}) X 1 X 0 (result, 2, 4) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

49 Our Four-Card Protocol X 11 X 10 X 01 X 00 start state 1 /2X 11 1 /2X 11 1 /2X /2X 01 1 /2X /2X 01 (shuffle, {id, (1 3)(2 4), (2 3), ( )}) 1 /2X 00 1 /2X 00 (turn, {2}) X 11 X 10 + X 01 X 00 (shuffle, {id, (1 3)}) X 11 X 10 + X 01 X 00 (shuffle, {id, (3 4)}) X 1 /2X 0 (perm, ( )) 1 /2X 0 (shuffle, {id, (1 2)(3 4)}, F) F : id 1 /3, (1 2)(3 4) 2 /3 1 /3X 1 2 /3X 1 1 /6X 0 1 /3X 0 1 /2X 0 (turn, {4}) (perm, ( )) X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (1 3)(2 4)}, F) F : id 1 /3, (1 3)(2 4) 2 /3 1 /3X 1 2 /3X 1 1 /6X 0 1 /3X 0 1 /2X 0 (turn, {1}) X 1 X 0 (result, 1, 2) (shuffle, {id, (1 3)}) X 1 1 /4X 0 3 /4X 0 X 1 1 /2X 0 1 /2X 0 X 1 1 /4X 0 3 /4X 0 X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (3 4)}) X 1 X 0 (result, 2, 4) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

50 Our Five-Card Protocol X 11 X 10 X 01 X 00 start state 1 /2X 11 1 /2X 11 1 /2X /2X 01 1 /2X /2X 01 (shuffle, {id, (1 3)(2 4), (2 3), ( )}) 1 /2X 00 1 /2X 00 (turn, {2}) X 11 X 10 + X 01 X 00 (shuffle, {id, (1 3)}) X 11 X 10 + X 01 X 00 (shuffle, {id, (3 4)}) X 1 1 /2X 0 1 /2X 0 (perm, ( )), (shuffle, {id, ( )}, F) F : id 2 /3, ( ) 1 /3 2 /3X 1 1 /3X 1 1 /2X 0 1 /6X 0 1 /3X 0 (turn, {5}) (perm, ( )) X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (1 3)(2 4)}, F) F : id 1 /3, (1 3)(2 4) 2 /3 1 /3X 1 2 /3X 1 1 /6X 0 1 /3X 0 1 /2X 0 (turn, {1}) X 1 X 0 (result, 4, 3) X 1 3 /4X 0 1 /4X 0 (result, 3, 1) X 1 1 /4X 0 3 /4X 0 X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (3 4)}) X 1 X 0 (result, 2, 4) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

51 Our Five-Card Protocol X 11 X 10 X 01 X 00 start state 1 /2X 11 1 /2X 11 1 /2X /2X 01 1 /2X /2X 01 (shuffle, {id, (1 3)(2 4), (2 3), ( )}) 1 /2X 00 1 /2X 00 (turn, {2}) X 11 X 10 + X 01 X 00 (shuffle, {id, (1 3)}) X 11 X 10 + X 01 X 00 (shuffle, {id, (3 4)}) X 1 1 /2X 0 1 /2X 0 (perm, ( )), (shuffle, {id, ( )}, F) F : id 2 /3, ( ) 1 /3 2 /3X 1 1 /3X 1 1 /2X 0 1 /6X 0 1 /3X 0 (turn, {5}) (perm, ( )) X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (1 3)(2 4)}, F) F : id 1 /3, (1 3)(2 4) 2 /3 1 /3X 1 2 /3X 1 1 /6X 0 1 /3X 0 1 /2X 0 (turn, {1}) X 1 X 0 (result, 4, 3) X 1 3 /4X 0 1 /4X 0 (result, 3, 1) X 1 1 /4X 0 3 /4X 0 X 1 1 /2X 0 1 /2X 0 (shuffle, {id, (3 4)}) X 1 X 0 (result, 2, 4) Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

52 Summary Runtime Shuffles #Cards Reference exp. finite non-uniform closed 4 [KWH15] exp. finite uniform non-closed 4 [KWH15] finite non-uniform non-closed 5 [KWH15] finite uniform closed 6 [MS09] Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

53 Summary Runtime Shuffles #Cards Reference exp. finite non-uniform closed 4 [KWH15] exp. finite uniform non-closed 4 [KWH15] finite non-uniform non-closed 5 [KWH15] finite uniform closed 6 [MS09] Open Question: What if we restrict the computational model? Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

54 Summary Runtime Shuffles #Cards Reference exp. finite non-uniform closed 4 [KWH15] exp. finite uniform non-closed 4 [KWH15] finite non-uniform non-closed 5 [KWH15] finite uniform closed 6 [MS09] Open Question: What if we restrict the computational model? Thank you for your attention! Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

55 References: I A. Koch, S. Walzer, and K. Härtel. Card-based Cryptographic Protocols Using a Minimal Number of Cards. In: ASIACRYPT Ed. by T. Iwata and J. Cheon. Vol LNCS. Springer, 2015, pp T. Mizuki, M. Kumamoto, and H. Sone. The Five-Card Trick Can Be Done with Four Cards. In: ASIACRYPT Ed. by X. Wang and K. Sako. Vol LNCS. Springer, 2012, pp T. Mizuki and H. Sone. Six-Card Secure AND and Four-Card Secure XOR. In: FAW Ed. by X. Deng, J. E. Hopcroft, and J. Xue. Vol LNCS. Springer, 2009, pp Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

56 References: II T. Mizuki and H. Shizuya. A formalization of card-based cryptographic protocols via abstract machine. In: Int. J. Inf. Secur (2014), pp A. Marcedone, Z. Wen, and E. Shi. Secure Dating with Four or Fewer Cards. Cryptology eprint Archive, Report 2015/ Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

57 References: III Various Artists. Title image from http: //pdpics.com/photo/6619-ten-cards-of-all-suits/, public domain. Image of Bar from public domain. Image of lecture hall from brett jordan, CC-BY-2.0. XKCD comic figures by Randall Munroe from CC-BY-NC Alexander Koch et al. Card-based Cryptographic Protocols Using a Minimal Number of Cards

Card-based Cryptographic Protocols Using a Minimal Number of Cards

Card-based Cryptographic Protocols Using a Minimal Number of Cards Alexander Koch, Stefan Walzer, and Kevin Härtel Karlsruhe Institute of Technology (KIT) Karlsruhe, Germany alexander.koch@kit.edu, {stefan.walzer,