Alice has a secret permutation $\alpha$ (a random permutation of an $n$-set; $n=18$ would be a decent choice for the application I have in mind). She wants to convince Bob that she has $\alpha$, but doesn't want to tell him what $\alpha$ is.
Fortunately, they prepared for this in advance. When $\alpha$ was initially generated, a certificate $c(\alpha)$ was given to Bob. So, Alice computes $c(\alpha)$ and sends it to Bob, and Bob checks it against his version, thereby verifying that Alice indeed has $\alpha$.
Q: What is a good choice of certification function $c$?
I don't need 100% surety here. But it needs to be unlikely that Debbie (who does not know $\alpha$) can guess what $c(\alpha)$ is (thereby convincing Bob that she has $\alpha$ when she doesn't).
Schemes that are not particularly satisfying:
Obviously $c(\alpha)=\alpha$ is not a good choice: it reveals to Bob what $\alpha$ is.
If $c$ is "the number of fixed points" function, then Debbie would have a reasonable chance (asymptotically $\frac{1}{e}$ (link)) of guessing correctly by choosing $0$ (convincing Bob that she has $\alpha$, when she does not). It also gives Bob partial information about what $\alpha$ is.
It would be possible to use some kind of cryptographic hash function, but using something like MD5 or a SHA seems like overkill for this application.