Convergence of Cyclic Random Walks with an Application to Cryptanalysis

Imagine that you and some friends are playing a version of roulette. The wheel is divided into 36 sectors, alternately colored red and black. Before spinning the wheel, the contestant chooses a color and then wins or loses depending on whether or not his color comes up. You, the master player, have honed an ability to spin the wheel exactly 3620◦ with high probability. Thus, if the wheel is initially on a red sector, then after your spin, it will again be on a red sector, and similarly for black. Of course, nobody’s perfect, so let us say that 90% of your spins return the wheel to the same color on which they begin. After you’ve cleaned out your friends a couple of times, they begin to wise up. One of them proposes a small change in the rules. Instead of a single spin, the contestant must spin the wheel 10 consecutive times. It is only if his initial guess matches the outcome after the tenth spin that he wins the game. Is this fellow on to something? Will the new rule blunt your advantage? Let us assume that you continue to bet on the wheel’s starting color, and think of each spin as a coin toss in which the probability of ‘heads’ is 0.9 (i.e., the wheel returns to its starting color after one spin). Then you will win the game if the number of tails after 10 tosses is an even number. The probability of this is easily computed to be ∑5 k=0 ( 10 2k ) (.1)2k(.9)10−2k ≈ 0.55. It seems clear from Figure 1 that as the required number of spins increases, your advantage diminishes. When used with a large number of spins, the game resembles a fair coin-toss, no matter how biased is a single spin. The behavior of the “bias” of an iterated Bernoulli variable when computed modulo 2, and generalizations to iterations modulom form > 2, is the subject of this article. This equalizing phenomenon has been understood at least since the 1950’s in the context of cyclic random walks, Feller [7, section 16.2(d)]; random number generation, Horton and Smith [14] and Dvoretsky and Wolfowitz [5]; and card-shuffling, Aldous and Diaconis [1], among other