ROYALE: A Framework for Universally Composable Card Games with Financial Rewards and Penalties Enforcement

  • Bernardo David
  • Rafael Dowsley
  • Mario LarangeiraEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)


While many tailor made card game protocols are known, the vast majority of those lack three important features: mechanisms for distributing financial rewards and punishing cheaters, composability guarantees and flexibility, focusing on the specific game of poker. Even though folklore holds that poker protocols can be used to play any card game, this conjecture remains unproven and, in fact, does not hold for a number of protocols (including recent results). We both tackle the problem of constructing protocols for general card games and initiate a treatment of such protocols in the Universal Composability (UC) framework, introducing an ideal functionality that captures card games that use a set of core card operations. Based on this formalism, we introduce Royale, the first UC-secure general card games which supports financial rewards/penalties enforcement. We remark that Royale also yields the first UC-secure poker protocol. Interestingly, Royale performs better than most previous works (that do not have composability guarantees), which we highlight through a detailed concrete complexity analysis and benchmarks from a prototype implementation.


  1. 1.
    Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Fair two-party computations via bitcoin deposits. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 105–121. Springer, Heidelberg (2014). Scholar
  2. 2.
    Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 443–458. IEEE Computer Society Press, May 2014Google Scholar
  3. 3.
    Barnett, A., Smart, N.P.: Mental poker revisited. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 370–383. Springer, Heidelberg (2003). Scholar
  4. 4.
    Bayer, S., Groth, J.: Efficient zero-knowledge argument for correctness of a shuffle. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 263–280. Springer, Heidelberg (2012). Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 93, pp. 62–73. ACM Press, November 1993Google Scholar
  6. 6.
    Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014). Scholar
  7. 7.
    Bentov, I., Kumaresan, R., Miller, A.: Instantaneous decentralized poker. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 410–440. Springer, Cham (2017). Scholar
  8. 8.
    Buterin, V.: White paper. (2013). Accessed 5 Dec 2017
  9. 9.
    Camenisch, J., Drijvers, M., Gagliardoni, T., Lehmann, A., Neven, G.: The wonderful world of global random Oracles. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 280–312. Springer, Cham (2018). Scholar
  10. 10.
    Camenisch, J., Krenn, S., Shoup, V.: A framework for practical universally composable zero-knowledge protocols. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 449–467. Springer, Heidelberg (2011). Scholar
  11. 11.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001Google Scholar
  12. 12.
    Canetti, R.: Universally composable signature, certification, and authentication. In: 17th IEEE Computer Security Foundations Workshop, (CSFW-17 2004), p. 219. IEEE Computer Society (2004)Google Scholar
  13. 13.
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). Scholar
  14. 14.
    Castellà-Roca, J., Sebé, F., Domingo-Ferrer, J.: Dropout-tolerant TTP-free mental poker. In: Katsikas, S., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 30–40. Springer, Heidelberg (2005). Scholar
  15. 15.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). Scholar
  16. 16.
    Crépeau, C.: A secure poker protocol that minimizes the effect of player coalitions. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 73–86. Springer, Heidelberg (1986). Scholar
  17. 17.
    Crépeau, C.: A zero-knowledge poker protocol that achieves confidentiality of the players’ strategy or how to achieve an electronic poker face. In: Odlyzko [25], pp. 239–247Google Scholar
  18. 18.
    David, B., Dowsley, R., Larangeira, M.: 21 - bringing down the complexity: fast composable protocols for card games without secret state. In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 45–63. Springer, Cham (2018). Scholar
  19. 19.
    David, B., Dowsley, R., Larangeira, M.: Kaleidoscope: an efficient poker protocol with payment distribution and penalty enforcement. To appear on Financial Cryptography and Data Security (FC) 2018 (2018).
  20. 20.
    David, B., Dowsley, R., Larangeira, M.: Royale: a framework for universally composable card games with financial rewards and penalties enforcement. Cryptology ePrint Archive, Report 2018/157 (2018).
  21. 21.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko [25], pp. 186–194Google Scholar
  22. 22.
    Golle, P.: Dealing cards in poker games. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), vol. 1, 4–6 April 2005, Las Vegas, Nevada, USA, pp. 506–511 (2005)Google Scholar
  23. 23.
    Kumaresan, R., Bentov, I.: How to use bitcoin to incentivize correct computations. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 30–41. ACM Press, November 2014Google Scholar
  24. 24.
    Kumaresan, R., Moran, T., Bentov, I.: How to use bitcoin to play decentralized poker. In: Ray, I., Li, N., Kruegel: C. (eds.) ACM CCS 2015, pp. 195–206. ACM Press (Oct 2015)Google Scholar
  25. 25.
    Odlyzko, A.M. (ed.): CRYPTO 1986. LNCS, vol. 263. Springer, Heidelberg (1987). Scholar
  26. 26.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). Scholar
  27. 27.
    Schindelhauer, C.: A toolbox for mental card games. Technical report, University of Lübeck (1998)Google Scholar
  28. 28.
    Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)CrossRefGoogle Scholar
  29. 29.
    Sebe, F., Domingo-Ferrer, J., Castella-Roca, J.: On the security of a repaired mental poker protocol. In: Third International Conference on Information Technology: New Generations, pp. 664–668 (2006)Google Scholar
  30. 30.
    Shamir, A., Rivest, R.L., Adleman, L.M.: Mental poker. In: Klarner, D.A. (ed.) The Mathematical Gardner, pp. 37–43. Springer, Boston (1981)CrossRefGoogle Scholar
  31. 31.
    Wei, T.J.: Secure and practical constant round mental poker. Inf. Sci. 273, 352–386 (2014)CrossRefGoogle Scholar
  32. 32.
    Wei, T.J., Wang, L.C.: A fast mental poker protocol. J. Math. Cryptol. 6(1), 39–68 (2012)MathSciNetCrossRefGoogle Scholar
  33. 33.
    Wikipedia: Online Poker (2017). Accessed 29 Aug 2017
  34. 34.
    Zhang, B., Zhou, H.S.: Digital liquid democracy: How to vote your delegation statement. Cryptology ePrint Archive, Report 2017/616 (2017).
  35. 35.
    Zhao, W., Varadharajan, V.: Efficient TTP-free mental poker protocols. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), vol. 1, 4–6 April 2005, Las Vegas, Nevada, USA, pp. 745–750 (2005)Google Scholar
  36. 36.
    Zhao, W., Varadharajan, V., Mu, Y.: A secure mental poker protocol over the internet. In: Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003, ACSW Frontiers 2003, vol. 21, pp. 105–109. Australian Computer Society Inc., Darlinghurst (2003)Google Scholar

Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Bernardo David
    • 1
  • Rafael Dowsley
    • 2
    • 4
  • Mario Larangeira
    • 3
    • 4
    Email author
  1. 1.IT University of CopenhagenCopenhagenDenmark
  2. 2.Aarhus UniversityAarhusDenmark
  3. 3.Tokyo Institute of TechnologyTokyoJapan
  4. 4.IOHKHong KongChina

Personalised recommendations