[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mental poker.

To: CYPHERPUNKS <[email protected]>
Subject: Mental poker.
From: Hal <[email protected]>
Date: 13 Jan 93 02:05:49 EST

Mental poker protocols are notorious for having sometimes subtle
weaknesses.  I missed the posting on sci.crypt which Karl mentioned
but his description of the protocol seems to have a flaw:

> 4) B shuffles the remaining 47 cards, lists them by number, appends a
> random bit stream to create M3, and computes the hash.  B sends hash
> MD5(M3) to A.
> [...]
> 6) B sends A M3 so A get get her cards.

If B in step 6 sends A message M3, which lists the 47 cards left after
B has chosen his 5 from the 52 they started with, then A will be able
to see which 5 B chose; those are the 5 not listed in M3.

Am I missing something in the description of the protocol, or was the
actual protocol perhaps a little different than this?

Hal Finney
[email protected]

Prev by Date: mental poker
Next by Date: re: mental poker protocol
Prev by thread: mental poker
Next by thread: re: mental poker protocol
Index(es):
- Date
- Thread