VehiclesFashionRecipesBlogsHuntTravelsSportFunHandmadeITEducation
Mini-Games
x

x
zakruti.com » Knowledge, science, education » Numberphile
Dealing Cards with Cryptography (with Ron Rivest) - Numberphile

Dealing Cards with Cryptography (with Ron Rivest) - Numberphile

FBTwitterReddit

video description

Rating: 4.0; Vote: 1
Dealing Cards with Cryptography (with Ron Rivest) Stefan: I fear that the problem of cheating remains, both with the physical version (letters) as well as with the crypto representation. After each player sees his cards he must tell the other person which cards he had. They can both try to name a completely different hand (with the well known problem of 5 aces revealed like in those old movies) or -- in an serial communication -- after player 1 tells his hand to player 2, player 2 can name a fake hand that beats player 1. This problem does not necessarily disappear when you also exchange the keys afterwards in a serial way, as after knowing player 1's key you might be able to brute-force a fake key that has your 5 -envelopes- result in a) a valid hand that b) beats player 2. I'm not sure, you might need simultaneous key exchange resp. card reveal or a trusted entity -- which would be a dealer, who could (if he's trusted) just play the whole game for you and tell you who won, no crypto needed. In the envelope game, clearly cheating for player 2 is easy (if no trusted party or some kind of simultaneous exchange is possible -- and weak cheating with the 5-ace-problem is always possible) and I would doubt that the representation is not prone to that problem of result exchange method and/or timing.
Date: 2022-04-08

Comments and reviews: 9


One thing he didn't mention was that when you do your squaring or multiplications, given how the modulo operator works, you can actually take the modulus every step of the way.
Q-11 mod p = Q(Q-5 mod P)-2 mod p
Q-5 mod p = Q(Q-2 mod P)-2 mod p
Q-2 mod p = QQ mod p
The reason this is important because it shows you that every step of the way, your result never actually exceeds -p-. This kind of efficient exponentiation only really works for modulo because your answer is always contained. If you tried to do something like this on a regular exponentiation problem with 100s of digits without modulo your answer would blow up to a size so big you couldn't store it anyways.

reply

Who puts the cards in the envelopes in the first place, and how do you stop them keeping track of which envelope is which? If you do some cryptography to put the cards in envelopes, won't the envelopes still have to all look different from one another, even after they're all locked?
1. I put all the cards in envelopes and lock them.
2. You lock all the envelopes with your lock.
3. You send me your hand with the locks on, and I take my lock off each one and send them back to you. I can't compare them with how they were when I last had them because they still have your lock on.
I think I just answered my own question. Nice!

reply

I think there are two big omissions in this video. Can someone confirm or correct these?
1) In the locked envelope example, each player knows they got genuinely random cards but each card is still only known by one of the players. The example problem requires all players to end up knowing both hands, but this method doesn't accomplish that.
2) They're actually working with (Q-K) mod P)-J) mod P but skip right to (Q-K)-J) mod P. I take it that they're equivalent, but they don't say anything about it and instead focus on the much more basic idea that exponentiation is commutative. However, properties are critical to the example.

reply

What guarantee does the second person have that the dealer encrypted 52 unique cards? And what guarantee does either person have that the other person used the cards the got from the envelope? In this game, if I were the dealer, I would give myself an unbeatable hand and hope that you don't pick any duplicates (in which case you would know that I was cheating. This gives me a higher than 50% chance to win one round.
I also think that Brady and Ron took unnecessary steps. Brady could just have send back 10 cards, 5 of them unchanged and 5 of them with his locks added.

reply

The original dealer into envelopes might have marked the envelopes. You can't even work around this by having Brady mail the initial empty, unlocked, envelopes, as Ron could mark them as he inserts the cards before initial locking.
Also you could optimise out the last 3 steps by -not- applying Brady locks to 5 of the cards when he initially receives the single-locked envelopes. He simply sends those single-locked cards back as Ron's hand at the same time he sends the rest double-locked for Ron to pick his hand.

reply

To my mind, one of the most beautiful things about RSA cryptography and its offshoots is that even when an exponent is thousands of bits long, it represents an actual precise count of something (the number of times the additive identity would have to be multiplied by a particular number to yield the result. While exponentiation isn't actually done via simple sequential multiplication, it is defined in such terms, and so it's neat to have such huge numbers actually have a concrete meaning.
reply

Can Ron Rivest explain how you do those auctions? I see a basic way to do it, but how do you prevent a bidder from providing a specially encrypted bid which decrypts to two different bids depending on the key provided during unmasking. Since the bidder can control both keys and the cypher text it seems like this would be possible despite the complexity of finding keys for arbitrary cypher text.
reply

I'd love a follow-up, who generates K and J? It can't be one party or it has the other party's Key. If it's a third party how do both parties know that the third party is authentic and not your opponent pretending to be a third party and giving you keys it would know? I know there's an answer to this because my passwords usually aren't hacked, but I'd love to see the whole process
reply

A very interesting example that shows how important protocols are for computer security. Even though it's Ron Rivest and he uses RSA encryption as an example, this would work just as well with symmetric cryptography like AES for example.
Now as an exercise for the viewer: Extend this protocol to play texas-hold-em with 6 players at the table or maybe a round of bridge.

reply
Add a review, comment






Other channel videos