8

The algorithm for mental poker that I saw on Wikipedia and everywhere else relies on an encryption algorithm such that $E_k(E_j(P)) = E_j(E_k(P))$, but I can't find a modern and secure algorithm for which this is true. The only algorithm I found with this property is SRA (I believe that's what it's called) but it relies on modular exponentiation, which is slow and resource intensive compared to a more common algorithm such as AES, not to mention less secure.

Is there a mental poker algorithm that doesn't rely on this property?

Daffy
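The commutative property the question refers to, $E_k(E_j(P)) = E_j(E_k(P))$, shown with an SRA-style exponentiation cipher in a two-party deal. This is an added example, not code from the post; the toy modulus, the function names and the encoding of cards as squares are assumptions chosen for illustration.

```python
import math
import secrets

# Assumption: toy shared modulus (the Mersenne prime 2^127 - 1); far too small for real use.
P = 2**127 - 1

def keygen():
    """Return (e, d) with e*d = 1 mod (P-1), so (m^e)^d = m mod P."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)

def apply_key(exponent, value):
    """Encrypt with e or decrypt with d: both are one modular exponentiation."""
    return pow(value, exponent, P)

def encode(card_index):
    # Cards are encoded as squares: exponentiation with an odd exponent preserves
    # quadratic residuosity, so mixing residues and non-residues would mark cards.
    return pow(card_index + 2, 2, P)

def deal_one_card(num_cards=52):
    """Two-party deal: Bob learns one card, Alice never sees which one."""
    deck = [encode(i) for i in range(num_cards)]
    a_e, a_d = keygen()
    b_e, b_d = keygen()

    # Alice encrypts every card and shuffles, then sends the deck to Bob.
    alice_deck = [apply_key(a_e, c) for c in deck]
    secrets.SystemRandom().shuffle(alice_deck)

    # Bob picks a card blindly and adds his own layer: E_b(E_a(card)).
    picked = apply_key(b_e, secrets.choice(alice_deck))

    # Alice strips her layer from underneath Bob's; this works only because
    # E_a and E_b commute. She sees E_b(card), not the card itself.
    bob_only = apply_key(a_d, picked)

    # Bob strips his layer and recovers the plaintext card.
    card = apply_key(b_d, bob_only)
    return deck.index(card)
```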

1 Answer

3

Yes, there are some other algorithms that do not rely on commutative encryption.

The Wikipedia page for Mental poker lists some other examples. It describes a non-shuffling poker protocol that uses homomorphic encryption. It has this caveat, though:

> However, the method needs all cards that have already been dealt to be known to all, which in most poker-style games would beat its very purpose.

So it's not practical.

There is also a very interesting paper titled How to Use Bitcoin to Play Decentralized Poker. The authors demonstrate how you could use secure multiparty computation with identifiable abort (ID-MPC) to play a decentralized game of poker.

(Use this Internet Archive link if the Mental poker page has been updated.)

ndbroadbent