1993-01-13 - Mental poker.

Header Data

From: Hal <74076.1041@CompuServe.COM>
To: CYPHERPUNKS <CYPHERPUNKS@TOAD.COM>
Message Hash: c202f7a3ec465ed4b8748371c590e3fe3521b24d2eac9e5db752cb4733744ec7
Message ID: <93011307054874076.1041_DHJ40-1@CompuServe.COM>
Reply To: _N/A

UTC Datetime: 1993-01-13 07:17:59 UTC
Raw Date: Tue, 12 Jan 93 23:17:59 PST

Raw message

From: Hal <74076.1041@CompuServe.COM>
Date: Tue, 12 Jan 93 23:17:59 PST
To: CYPHERPUNKS <CYPHERPUNKS@TOAD.COM>
Subject: Mental poker.
Message-ID: <930113070548_74076.1041_DHJ40-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


Mental poker protocols are notorious for having sometimes subtle
weaknesses.  I missed the posting on sci.crypt which Karl mentioned
but his description of the protocol seems to have a flaw:

> 4) B shuffles the remaining 47 cards, lists them by number, appends a
> random bit stream to create M3, and computes the hash.  B sends hash
> MD5(M3) to A.
> [...]
> 6) B sends A M3 so A get get her cards.

If B in step 6 sends A message M3, which lists the 47 cards left after
B has chosen his 5 from the 52 they started with, then A will be able
to see which 5 B chose; those are the 5 not listed in M3.

Am I missing something in the description of the protocol, or was the
actual protocol perhaps a little different than this?

Hal Finney
74076.1041@compuserve.com






Thread