Automorphism Shuffles for Graphs and Hypergraphs and Its Applications

05/10/2022
by   Kazumasa Shinagawa, et al.
0

In card-based cryptography, a deck of physical cards is used to achieve secure computation. A shuffle, which randomly permutes a card-sequence along with some probability distribution, ensures the security of a card-based protocol. The authors proposed a new class of shuffles called graph shuffles, which randomly permutes a card-sequence by an automorphism of a directed graph (New Generation Computing 2022). For a directed graph G with n vertices and m edges, such a shuffle could be implemented with pile-scramble shuffles with 2(n+m) cards. In this paper, we study graph shuffles and give an implementation, an application, and a slight generalization of them. First, we propose a new protocol for graph shuffles with 2n+m cards. Second, as a new application of graph shuffles, we show that any cyclic group shuffle, which is a shuffle over a cyclic group, is a graph shuffle associated with some graph. Third, we define a hypergraph shuffle, which is a shuffle by an automorphism of a hypergraph, and show that any hypergraph shuffle can also be implemented with pile-scramble shuffles.

READ FULL TEXT VIEW PDF

Authors

page 1

page 2

page 3

page 4

08/29/2019

PageRank algorithm for Directed Hypergraph

During the last two decades, we easilly see that the World Wide Web's li...
09/01/2021

Graph Automorphism Shuffles from Pile-Scramble Shuffles

A pile-scramble shuffle is one of the most effective shuffles in card-ba...
10/04/2019

A Note on Directed Treewidth

We characterise digraphs of directed treewidth one in terms of forbidden...
08/09/2020

Directed hypergraph neural network

To deal with irregular data structure, graph convolution neural networks...
01/30/2013

Marginalizing in Undirected Graph and Hypergraph Models

Given an undirected graph G or hypergraph X model for a given set of var...
03/02/2021

Implementing G-Machine in HyperLMNtal

Since language processing systems generally allocate/discard memory with...
05/06/2019

Incorporating Weisfeiler-Leman into algorithms for group isomorphism

In this paper we combine many of the standard and more recent algebraic ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1. Introduction

1.1. Background

Card-based cryptography is one of active research areas in cryptography. It enables secure computation by using a deck of physical cards. In card-based protocols, a deck of physical cards is used to achieve secure computation by hands. Thus, it is easy to understand the correctness and the security of protocols, even for non-experts who are unfamiliar with cryptography. In fact, there are some reports on an educational application of card-based cryptography for teaching cryptography (e.g., Cornell University [7], University of Waterloo [2], Tohoku University [9], and a Japanese elementary school [13]).

In 2014, Mizuki and Shizuya [10] defined a mathematical model of card-based cryptography. On the one hand, Mizuki–Shizuya model helps to find some new protocols and to prove some impossibility results (e.g., [6]). On the other hand, it allows some operations which are not clear how to implement physically. In particular, the Mizuki–Shizuya model allows the use of shuffles where it is non-trivial to implement physically. It is undesirable since card-based cryptography is easy to perform and easy to understand visually.

Let be the symmetric group of degree , a set of permutations, and a probability distribution on . A shuffle for a card-sequence of cards is an operation to obtain a permuted card-sequence by some , where is chosen according to . When we consider , we may assume that no player knows which is chosen. It is said to be uniform closed if is a group and

is the uniform distribution.

The uniform closed shuffle over denoted by is a shuffle for the uniform distribution .

Given a shuffle , it is unclear how to implement it even for uniform closed shuffles. In this paper, we study the class of graph shuffles (see Subsection 2.3), which is a subclass of uniform closed shuffles including various well-known classes of shuffles such as random cuts [3], random bisection cuts [11], pile-shifting shuffles [14], and pile-scramble shuffles [4] and so on.

1.2. Related Work

Koch and Walzer [5] showed that any uniform closed shuffle for any group can be implemented by random cuts. Although it is worthwhile to show how to implement an arbitrary uniform closed shuffle, it requires many operations (at least the size of the group ). On the other hand, our protocol requires a small number of operations.

Saito, Miyahara, Abe, Mizuki, and Shizuya [12] showed that every shuffle can be implemented by pile-shifting shuffles. Although it is worthwhile to show that every shuffle can be implemented theoretically, it requires many cards (at least cards). On the other hand, our protocol requires a relatively small number of cards.

1.3. Contribution

# of cards # of shuffles
Graph shuffle protocol (directed, vertices, and edges)
Miyamoto–Shinagawa [8]
Subsection 3.2
Graph shuffle protocol (undirected, vertices, and edges)
Miyamoto–Shinagawa [8]
Subsection 3.2
Subsection 5.2
Hypergraph shuffle protocol ( vertices and hyperedges)
Subsection 5.2

is the number of distinct degrees, is the number of distinct outdegrees,

is the number of distinct degrees, and is the number of distinct sizes of hyperedges.

Table 1. Summary of our results and the previous work

In this paper, we focus on the class of graph shuffles introduced by Miyamoto and Shinagawa [8]. According to [8], a graph shuffle associated with a directed graph with vertices and edges can be implemented with pile-scramble shuffles and cards. Our first main result is that we show that it can be implemented with pile-scramble shuffles and cards. Thus, the number of cards is more efficient than that of [8]. We remark that the number of shuffles Second, as an application of graph shuffles, we show that every cyclic group shuffle, which is a uniform closed shuffle over a cyclic subgroup of , is a graph shuffle. It yields that every cyclic group shuffle can be implemented with pile-scramble shuffles only. In the last, we consider hypergraphs. A hypergraph is a generalization of undirected graphs whose edge (called a hyperedge) is a subset of vertices rather than a pair of vertices. We introduce a hypergraph shuffle, which is a uniform closed shuffle over the automorphism group of a hypergraph, and design a hypergraph shuffle protocol for any hypergraph . It requires cards, where is the number of vertices, and is the number of hyperedges. Since an undirected graph is a hypergraph, our hypergraph shuffle protocol implies a graph shuffle protocol for undirected graphs. As a result, one can reduce the number of cards. Our results are summarized in Table 1.

2. Preliminaries

2.1. Pile-scramble shuffles

A pile-scramble shuffle is a uniform closed shuffle that randomly permutes piles of cards. Suppose that we have the following card-sequence:

An -pile-scramble shuffle is a uniform closed shuffle that transforms the above card-sequence into the following card-sequence:

where is for some chosen uniformly at random.

2.2. Generalized Pile-scramble Protocol

Suppose that we have piles where the -th pile consists of cards. For a positive integer , we put . Suppose that is a partition of and for . For each , we apply a pile-scramble shuffle to the card-sequence consisting of the -th piles. We define a generalized pile-scramble protocol by the above procedure.

Example 2.1.

Suppose that we have the following card-sequence:

A generalized pile-scramble protocol for the above card-sequence is a sequence of pile-scramble shuffles: a pile-scramble shuffle to and a pile-scramble shuffle to . Applying it, we have one of the following sequences:

2.3. Graph Shuffles

First, we recall some fundamentals from graph theory; for details, see [1].

A directed graph is a quadruple consisting of two sets: (whose elements are called vertices) and (whose elements are called directed edges), and two maps which associates to its source and its target for , respectively. A directed edge with source and target is usually denoted by . A directed graph is said to be finite if both and are finite sets. In this paper, we deal with finite directed graphs. For a vertex , we define two sets and by and . The cardinality of and , denoted by and , are called the outdegree and the indegree, respectively. We remark that any undirected graph is regarded as a directed graph by changing each undirected edge to a 2-cycle

Let and be two directed graphs. A pair of maps consisting of and is a morphism of directed graphs if it satisfies the equation . In addition, if and are bijective, is called an isomorphism between and . In particular, an isomorphism between and itself is called an automorphism of . We denote by the set of all isomorphisms between and , and we write for all bijection such that for some . When , we set , and . The set has the group structure by using the composition of maps as a product and is called the automorphism group of . It is easy to check that the group structure of induces a group structure of . Then, we regard as a subgroup of .

Now, we recall the definition of graph shuffles [8].

Definition 2.2.

Let be a directed graph. The graph shuffle associated with is the uniform closed shuffle over .

2.4. Graph Shuffle Protocol

Let be a directed graph with vertices. A graph shuffle protocol for is a card-based protocol that implements a graph shuffle associated with . Given a card-sequence of cards as an input sequence, it outputs a card-sequence for as follows:

where is a card-sequence of helping cards. It is said to be correct if the chosen automorphism is distributed uniformly at random. It is said to be secure if a probability distribution of the chosen automorphism and a probability distribution of the visible sequence trace (see [10] for the definition) of the protocol are stochastically independent.

2.5. Miyamoto–Shinagawa’s Graph Shuffle Protocol

Let be a directed graph with vertices. Miyamoto–Shinagawa’s graph shuffle protocol [8] for requires two kinds of cards, black-cards and red-cards  . It proceeds as follows:

  1. Let be an input card-sequence. Place the cards as follows:

    where () is defined by

  2. Apply a generalized pile-scramble protocol to piles . Then we obtain a card-sequence:

    Here, is a permutation of given by the generalized pile-scramble protocol.

  3. For each vertex , we define by

    For each edge , we define by

    Place piles as follows:

    where .

  4. Apply to the card-sequence.

  5. Open the left card of all piles. If it is a black-card, turn over the right card. Then sort piles so that the left card lied as . Suppose that we have a card-sequence as follows:

  6. Define a graph by

  7. Choose an isomorphism . Set . Output , where is the right next card of .

3. Our Graph Shuffle Protocol

In this section, we propose a new graph shuffle protocol for an arbitrary directed graph, which is a more efficient protocol than that of [8] in terms of the number of cards.

3.1. Our Idea

The protocol in [8] needs piles of two cards: piles for vertices and piles for edges. Each pile corresponding to a vertex consists of a card representing a (randomized) vertex and the -th input card . Each pile corresponding to an edge consists of cards representing a randomized edge . Thus, the number of cards is .

Our idea to reduce the number of cards is that we make piles only. For each vertex, we assign a pile as follows. A pile associated with the -th vertex consists of the -th input card , a card representing a (randomized) vertex , and cards representing (randomized) outgoing edges from . Thus, the number of cards is .

3.2. Our Protocol

Let be an arbitrary directed graph with vertices and edges. We set . Let be an input card-sequence for the shuffle. Our protocol proceeds as follows.

  1. Place the cards as follows:

    where () is a pile of cards consists of copies of .

  2. Apply a generalized pile-scramble protocol to piles . Then we obtain a card-sequence:

    Here, is a permutation of given by the generalized pile-scramble protocol.

  3. Suppose as a multiset for each . Let be a pile of cards defined as follows:

    Place the card as follows:

  4. For each , except the first and second cards, apply to the cards. Let be the resultant pile. Then, the current card-sequence is

  5. Apply a generalized pile-scramble protocol to piles . Then we obtain the following card-sequence:

    Here, is a permutation of given by the generalized pile-scramble protocol.

  6. For each pile, turn over all cards except the first card. Then sort piles so that the second card is in ascending order as follows:

    Here, is a permutation of . Let be the first card of . For each , we suppose that