The minimum number of cards in practical card-based protocols

Julia Kastner, Alexander Koch, Stefan Walzer, Daiki Miyahara, Yu ichi Hayashi, Takaaki Mizuki, Hideaki Sone

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

33 Citations (Scopus)


The elegant “five-card trick” of den Boer (EUROCRYPT 1989) allows two players to securely compute a logical AND of two private bits, using five playing cards of symbols ♥ and ♣. Since then, card-based protocols have been successfully put to use in classroom environments, vividly illustrating secure multiparty computation - and evoked research on the minimum number of cards needed for several functionalities. Securely computing arbitrary circuits needs protocols for negation, AND and bit copy in committed-format, where outputs are commitments again. Negation just swaps the bit’s cards, computing AND and copying a bit n times can be done with six and 2n+2 cards, respectively, using the simple protocols of Mizuki and Sone (FAW 2009). Koch et al. (ASIACRYPT 2015) showed that five cards suffice for computing AND in finite runtime, albeit using relatively complex and unpractical shuffle operations. In this paper, we show that if we restrict shuffling to closed permutation sets, the six-card protocol is optimal in the finite-runtime setting. If we additionally assume a uniform distribution on the permutations in a shuffle, we show that restart-free four-card AND protocols are impossible. These shuffles are easy to perform even in an actively secure manner (Koch and Walzer, ePrint 2017). For copying bit commitments, the protocol of Nishimura et al. (ePrint 2017) needs only 2n + 1 cards, but performs a number of complex shuffling steps that is only finite in expectation.We show that it is impossible to go with less cards. If we require an a priori bound on the runtime, we show that the (2n + 2)-card protocol is card-minimal.

Original languageEnglish
Title of host publicationAdvances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings
EditorsTsuyoshi Takagi, Thomas Peyrin
PublisherSpringer Verlag
Number of pages30
ISBN (Print)9783319706993
Publication statusPublished - 2017
Event23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017 - Hong Kong, Hong Kong
Duration: 2017 Dec 32017 Dec 7

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10626 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017
Country/TerritoryHong Kong
CityHong Kong


  • Boolean AND
  • COPY
  • Card-based protocols
  • Committed format
  • Cryptography without computers
  • Secure computation


Dive into the research topics of 'The minimum number of cards in practical card-based protocols'. Together they form a unique fingerprint.

Cite this