CONVERGENCE OF CYCLIC RANDOM WALKS WITH AN APPLICATION TO CRYPTANALYSIS CLIFFORD BERGMAN 1 AND SUNDER SETHURAMAN 2 Imagine that you and some friends are playing a version of roulette. The wheel is divided into 36 sectors, alternately colored red and black. Before spinning the wheel, the contestant chooses a color and then wins or loses depending on whether or not his color comes up. You, the master player, have honed an ability to spin the wheel exactly 3620 ◦ with high probability. Thus, if the wheel is initially on a red sector, then after your spin, it will again be on a red sector, and similarly for black. Of course, nobody’s perfect, so let us say that 90% of your spins return the wheel to the same color on which they begin. After you’ve cleaned out your friends a couple of times, they begin to wise up. One of them proposes a small change in the rules. Instead of a single spin, the contestant must spin the wheel 10 consecutive times. It is only if his initial guess matches the outcome after the tenth spin that he wins the game. Is this fellow on to something? Will the new rule blunt your advantage? Let us assume that you continue to bet on the wheel’s starting color, and think of each spin as a coin toss in which the probability of ‘heads’ is 0.9 (i.e., the wheel returns to its starting color after one spin). Then you will win the game if the number of tails after 10 tosses is an even number. The probability of this is easily computed to be ∑ 5 k=0 ( 10 2k ) (.1) 2k (.9) 10−2k ≈ 0.55. It seems clear from Figure 1 that as the required number of spins increases, your advantage diminishes. When used with a large number of spins, the game resembles a fair coin-toss, no matter how biased is a single spin. The behavior of the “bias” of an iterated Bernoulli variable when com- puted modulo 2, and generalizations to iterations modulo m for m> 2, is the subject of this article. This equalizing phenomenon has been understood at least since the 1950’s in the context of cyclic random walks, Feller [7, section 16.2(d)]; random number generation, Horton and Smith [14] and Dvoretsky and Wolfowitz [5]; and card-shuffling, Aldous and Diaconis [1], among other 2000 Mathematics Subject Classification. primary 60B10; secondary 60B15, 94B60. Key words and phrases. random walk, circulant matrix, DES cipher, cyclic group. Address: 400 Carver Hall, Department of Mathematics, Iowa State University, Ames, IA 50011 1 E-mail: cbergman@iastate.edu. 2 E-mail: sethuram@iastate.edu. Research supported in part by NSF grant DMS-0071504. 1