Abstract
Yao’s millionaire protocol enables Alice and Bob to know whether or not Bob is richer than Alice by using a public-key cryptosystem without revealing the actual amounts of their properties. In this paper, we present a simple and practical implementation of Yao’s millionaire protocol using a deck of playing cards; we straightforwardly implement the idea behind Yao’s millionaire protocol so that even non-experts can easily understand its correctness and secrecy. Our implementation is based partially on the previous card-based scheme proposed by Nakai, Tokushige, Misawa, Iwamoto, and Ohta; their scheme admits players’ private actions on a sequence of cards called Private Permutation (PP), implying that a malicious player could make an active attack (for example, he/she could exchange some of the cards stealthily when doing such a private action). In contrast, our implementation relies on a familiar shuffling operation called a random cut, and hence, it can be conducted completely publicly so as to avoid any active attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
It should be noted that Fagin, Naor, and Winkler proposed a similar idea to solve the socialist millionaires’ problem [5] where Alice and Bob want to know whether they think the same person in mind or not (see Solution 11 in [3]). In addition, Nakai et al. [15] presented another card-based scheme with Private Permutation, which compares a and b bit by bit with the help of “storage” cards.
- 2.
Koch and Walzer [6] showed that one can securely “choose” a permutation from a specific set using helping cards with a different color.
References
Balogh, J., Csirik, J.A., Ishai, Y., Kushilevitz, E.: Private computation using a PEZ dispenser. Theor. Comput. Sci. 306(1), 69–84 (2003). http://www.sciencedirect.com/science/article/pii/S030439750300210X
Boer, B.: More efficient match-making and satisfiability the five card trick. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 208–217. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4_23
Fagin, R., Naor, M., Winkler, P.: Comparing information without leaking it. Commun. ACM 39(5), 77–85 (1996). https://doi.org/10.1145/229459.229469
Hanaoka, G.: Towards user-friendly cryptography. In: Phan, R.C.-W., Yung, M. (eds.) Mycrypt 2016. LNCS, vol. 10311, pp. 481–484. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61273-7_24
Jakobsson, M., Yung, M.: Proving without knowing: on oblivious, agnostic and blindfolded provers. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 186–200. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_15
Koch, A., Walzer, S.: Foundations for actively secure card-based cryptography. Cryptology ePrint Archive, Report 2017/423 (2017). https://eprint.iacr.org/2017/423
Koch, A., Walzer, S., Härtel, K.: Card-based cryptographic protocols using a minimal number of cards. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 783–807. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_32
Marcedone, A., Wen, Z., Shi, E.: Secure dating with four or fewer cards. Cryptology ePrint Archive, Report 2015/1031 (2015). https://eprint.iacr.org/2015/1031
Mizuki, T., Kugimoto, Y., Sone, H.: Secure multiparty computations using the 15 puzzle. In: Dress, A., Xu, Y., Zhu, B. (eds.) COCOA 2007. LNCS, vol. 4616, pp. 255–266. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73556-4_28
Mizuki, T., Shizuya, H.: A formalization of card-based cryptographic protocols via abstract machine. Int. J. Inf. Secur. 13(1), 15–23 (2014)
Mizuki, T., Shizuya, H.: Practical card-based cryptography. In: Ferro, A., Luccio, F., Widmayer, P. (eds.) Fun with Algorithms. Lecture Notes in Computer Science, vol. 8496, pp. 313–324. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07890-8_27
Mizuki, T., Shizuya, H.: Computational model of card-based cryptographic protocols and its applications. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E100.A(1), 3–11 (2017)
Mizuki, T., Sone, H.: Six-card secure AND and four-card secure XOR. In: Deng, X., Hopcroft, J.E., Xue, J. (eds.) FAW 2009. LNCS, vol. 5598, pp. 358–369. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02270-8_36
Nakai, T., Shirouchi, S., Iwamoto, M., Ohta, K.: Four cards are sufficient for a card-based three-input voting protocol utilizing private permutations. In: Shikata, J. (ed.) ICITS 2017. LNCS, vol. 10681, pp. 153–165. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72089-0_9
Nakai, T., Tokushige, Y., Misawa, Y., Iwamoto, M., Ohta, K.: Efficient card-based cryptographic protocols for millionaires’ problem utilizing private permutations. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 500–517. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48965-0_30
Nishida, T., Mizuki, T., Sone, H.: Securely computing the three-input majority function with eight cards. In: Dediu, A.-H., Martín-Vide, C., Truthe, B., Vega-Rodríguez, M.A. (eds.) TPNC 2013. LNCS, vol. 8273, pp. 193–204. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-45008-2_16
Nishimura, A., Hayashi, Y., Mizuki, T., Sone, H.: Pile-shifting scramble for card-based protocols. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E101.A(9), 1494–1502 (2018)
Nishimura, A., Nishida, T., Hayashi, Y., Mizuki, T., Sone, H.: Five-card secure computations using unequal division shuffle. In: Dediu, A.-H., Magdalena, L., Martín-Vide, C. (eds.) TPNC 2015. LNCS, vol. 9477, pp. 109–120. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26841-5_9
Nishimura, A., Nishida, T., Hayashi, Y., Mizuki, T., Sone, H.: Card-based protocols using unequal division shuffles. Soft Comput. 22, 361–371 (2017). https://doi.org/10.1007/s00500-017-2858-2
Ueda, I., Nishimura, A., Hayashi, Y., Mizuki, T., Sone, H.: How to implement a random bisection cut. In: Martín-Vide, C., Mizuki, T., Vega-Rodríguez, M.A. (eds.) TPNC 2016. LNCS, vol. 10071, pp. 58–69. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49001-4_5
Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164. SFCS 1982. IEEE Computer Society, Washington, DC, USA (1982). https://doi.org/10.1109/SFCS.1982.88
Acknowledgments
We thank the anonymous referees, whose comments have helped us to improve the presentation of the paper. This work was supported by JSPS KAKENHI Grant Number JP17K00001.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A The Six-Card and Protocol
In 2009, Mizuki and Sone [13] invented the following six-card AND protocol, which securely outputs a commitment to \(x\wedge y\) from the commitments to x and y (and two additional cards).
-
1.
Place input commitments and additional cards of black and red, and then turn over the two cards in the center:
-
2.
Rearrange the sequence:
-
3.
Apply a random bisection cut, which means bisecting the sequence and switching the two halves randomly:
After applying this shuffling operation, the six-card sequence results in either the same sequence as the original one or a sequence whose left and right halves are switched; each case occurs with a probability of 1/2.
-
4.
Rearrange the sequence:
After this rearranging operation, the six-card sequence will be as follows:
-
5.
Reveal the first two cards. Then, a commitment to \(x\wedge y\) can be obtained as:
Note that we can reuse the two revealed two cards, and moreover, the other two cards not being a commitment to \(x\wedge y\) can be reused by revealing them after shuffling.
As mentioned above, we can obtain a commitment to \(x\wedge y\) (keeping its value secret). It is well known that in the literature [20], a random bisection cut can be implemented by humans securely so that nobody knows the resulting card sequence.
An OR protocol can be obtained in a similar way.
B The Six-Card COPY Protocol
The following six-card COPY protocol proposed by Mizuki and Sone [13] produces two commitments to x from a commitment to x and four additional cards.
-
1.
Place an input commitment and black and red additional cards, and then turn over the additional cards:
-
2.
Rearrange the sequence:
-
3.
Apply a random bisection cut:
-
4.
Rearrange the sequence:
-
5.
Reveal the first two cards. Then, two commitments to x can be obtained as follows (two revealed cards can be reused in the next protocol):
In the latter case, we can easily get two commitments to x (from commitments to \(\bar{x}\)) by using the NOT protocol (swapping the two cards of each commitment).
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Miyahara, D., Hayashi, Yi., Mizuki, T., Sone, H. (2018). Practical and Easy-to-Understand Card-Based Implementation of Yao’s Millionaire Protocol. In: Kim, D., Uma, R., Zelikovsky, A. (eds) Combinatorial Optimization and Applications. COCOA 2018. Lecture Notes in Computer Science(), vol 11346. Springer, Cham. https://doi.org/10.1007/978-3-030-04651-4_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-04651-4_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04650-7
Online ISBN: 978-3-030-04651-4
eBook Packages: Computer ScienceComputer Science (R0)