Is it possible to play poker by post or email?
Yes, if we assume that there is a trusted 'know all' dealer who tells each player their cards. However, is it popssible *without* such a trusted person.

Let's summarise the problem. First we must shuffle the cards. Then the cards must be dealt, and no player must be able to tell what cards have been dealt.

Then we must allow the players to see their cards.

Finally we need to allow the various players to verify the cards of others.

The following discussion assumes an algorithm which is commutative. I.e. Suppose that we encode a message, M, using key K1, e.g. C1=E(M,K1), (this just means Encode M with K1), and then encode with K2 to get E(C1,K2), or C2=E(E(M,K1),K2). We can then decode in any order, i.e. Decrypt1=D(C2,K1), M=D(Decrypt1, K2) or Decrypt2=D(C2,K2), M=D(Decrypt2, K1). Whichever order we decode, we get the same M.

The shuffling problem, first of all. Imagine that we have 52 cards. Each card is represented by a short message, M(card). Each of these messages is digitally signed by each player to avoid tampering. The card message includes a timestamp, so a card can only be used in a particular game.

The first player encodes each of the messages. The algorithm must be strong enough to withstand known plaintext attacks, as well as attacks due to the key being repeatedly used.

The first player shuffles these messages and sends them to player 2.

Player 2 encrypts all of these messages again using their key. Mixes them up and sends them back. Each card is now: C=E(E(M,K1),K2)

Player 1 picks his hand from the messages, and sends these cards to player 2. Player 2 decrypts these cards to produce E(M,K1). He sends the cards to player 1 who decrypts to give M, the value of each card.

Player 1 then picks some random cards for player 2's hand. He decrypts these. C=E(E(M,K1),K2) is decrypted to D(E(E(M,K1),K2),K1). As the encryption is commutative, the result is the original card encrypted by player 2 alone. E(M,K2). Player 2 can then decrypt these to find their hand. The remaining cards are still encrypted by both keys.

When the game is played, and it becomes neccesary to show the cards the card may be published. Each player can verify the digital signatures (not only their own, but those of other people). The timestamp within the card message confirms that the player isn't simply publishing a card which they had a copy of from an earlier game (the timestamp will have been signed).

Of course, all of this can be done by software quite quickly, and so in practice would not be as cumbersome as it sounds.

By post, one could do a similar thing using padlocks and putting cards in boxes. There will be one box per card, and each box can have a padlock per player on it. Encrypting equates to putting your padlock on, decrypting to taking it off again.