Confidentiality in a Card-Based Protocol Under Repeated Biased Shuffles

TL;DR

This paper analyzes the confidentiality of a card-based protocol, specifically Bert den Boer's Five Card Trick, focusing on how biased shuffles affect information leakage and how repeated shuffles can mitigate this risk.

Contribution

It provides a probabilistic analysis of nonuniform shuffling in a secure card protocol and offers bounds on shuffle repetitions needed to ensure confidentiality.

Findings

Biased shuffles increase information leakage in the protocol.

Eigenstructure of Markov chains helps bound the number of shuffles needed.

Repeated shuffles can reduce leakage to acceptable levels.

Abstract

In this paper, we provide a probabilistic analysis of the confidentiality in a card-based protocol. We focus on Bert den Boer's original Five Card Trick to develop our approach. Five Card Trick was formulated as a secure two-party computation method, where two players use colored cards with identical backs to calculate the logical AND operation on the bits that they choose. In this method, the players first arrange the cards privately, and then shuffle them through a random cut. Finally, they reveal the shuffled arrangement to determine the result of the operation. An unbiased random cut is essential to prevent players from exposing their chosen bits to each other. However, players typically choose to move cards within the deck even though not moving any cards should be equally likely. This unconscious behavior results in a biased, nonuniform shuffling-distribution in the sense that some arrangements of cards are slightly more probable after the cut. Such a nonuniform distribution creates an opportunity for a malicious player to gain advantage in guessing the other player's choice. We provide the conditional probabilities of such guesses as a way to quantify the information leakage. Furthermore, we utilize the eigenstructure of a Markov chain to derive tight bounds on the number of times the biased random cuts must be repeated to reduce the leakage to an acceptable level. We also discuss the generalization of our approach to the setting where shuffling is conducted by a malicious player.