A Sender Verifiable Mix-Net and a New Proof of a Shuffle

Wikström, Douglas

doi:10.1007/11593447_15

Cited by 60 publications

(168 citation statements)

References 48 publications

Supporting

Mentioning

164

Contrasting

Order By: Relevance

“…There are more recent works other than [27], where better efficiencies has been achieved ( [19,33]) in computation. In [19], the comparison in efficiency has been made among verification protocols including the one by Peng et al [27] and the one by Groth and Lu [19].…”

Section: Comparisonmentioning

confidence: 99%

“…Roughly speaking, there are two kinds of proof system of mix-nets; one is optimistic and the other is verifiable proof system. The correctness of the shuffling of the whole mix-net is verified after the mix-net outputs the shuffling results in plain texts in optimistic proof system [17], while in verifiable proof system each mix server provides proofs of correctness of the shuffling [28,14,1,18,22,23,27,33].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Verification of a Paillier Based Shuffle Using Representations of the Symmetric Group

Cho¹,

Hong²

2009

Bulletin of the Korean Mathematical Society

View full text Add to dashboard Cite

Abstract. We use an idea of linear representations of the symmetric group to reduce the number of communication rounds in the verification protocol, proposed in Crypto 2005 by Peng et al., of a shuffling. We assume Paillier encryption scheme with which we can apply some known zero-knowledge proofs following the same line of approaches of Peng et al. Incidence matrices of 1-subsets and 2-subsets of a finite set is intensively used for the implementation, and the idea of λ-designs is employed for the improvement of the computational complexity.

show abstract

Section: Comparisonmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Verification of a Paillier Based Shuffle Using Representations of the Symmetric Group

Cho¹,

Hong²

2009

Bulletin of the Korean Mathematical Society

View full text Add to dashboard Cite

show abstract

“…Related Work on Shuffling Ciphertexts. Shuffles and mixing in general were introduced by Chaum in 1981 [16], and the problem of verifiable shuffles was introduced by Sako and Kilian in 1995 [38]; the work on verifiable shuffles in the ensuing sixteen years has been extensive and varied [2,26,6,34,29,25,41,31]. In 1998, Abe [1] considered the problem of compact proofs of shuffles.…”

Section: Introductionmentioning

confidence: 99%

Malleable Proof Systems and Applications

Chase

Kohlweiss

Lysyanskaya

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Malleability for cryptography is not necessarily an opportunity for attack; in many cases it is a potentially useful feature that can be exploited. In this work, we examine notions of malleability for non-interactive zero-knowledge (NIZK) proofs. We start by defining a malleable proof system, and then consider ways to meaningfully control the malleability of the proof system, as in many settings we would like to guarantee that only certain types of transformations can be performed.As our motivating application, we consider a shorter proof for verifiable shuffles. Our controlled-malleable proofs allow us for the first time to use one compact proof to prove the correctness of an entire multi-step shuffle. Each authority takes as input a set of encrypted votes and a controlled-malleable NIZK proof that these are a shuffle of the original encrypted votes submitted by the voters; it then permutes and re-randomizes these votes and updates the proof by exploiting its controlled malleability. As another application, we generically use controlledmalleable proofs to realize a strong notion of encryption security.Finally, we examine malleability in existing proof systems and observe that Groth-Sahai proofs are malleable. We then go beyond this observation by characterizing all the ways in which they are malleable, and use them to efficiently instantiate our generic constructions from above; this means we can instantiate our proofs and all their applications using only the Decision Linear (DLIN) assumption.

show abstract

“…The first rigorous definition of security was given by Abe and Imai [1], but they did not construct a scheme satisfying their construction. Wikström [29] gives the first definition of a universally composable (UC) mix-net, the first UC-secure construction, and also a more efficient UC-secure scheme [30]. An important building block in the construction of a mix-net is a so called proof of a shuffle that allows the mix-servers to prove that they follow the protocol.…”

Section: Introductionmentioning

confidence: 99%

A Commitment-Consistent Proof of a Shuffle

Wikström

2009

Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

We introduce a pre-computation technique that drastically reduces the online computational complexity of mix-nets based on homomorphic cryptosystems. More precisely, we show that there is a permutation commitment scheme that allows a mix-server to: (1) commit to a permutation and efficiently prove knowledge of doing so correctly in the offline phase, and (2) shuffle its input and give an extremely efficient commitment-consistent proof of a shuffle in the online phase.We prove our result for a general class of shuffle maps that generalize all known types of shuffles, and even allows shuffling ciphertexts of different cryptosystems in parallel.

show abstract

A Sender Verifiable Mix-Net and a New Proof of a Shuffle

Cited by 60 publications

References 48 publications

Verification of a Paillier Based Shuffle Using Representations of the Symmetric Group

Verification of a Paillier Based Shuffle Using Representations of the Symmetric Group

Malleable Proof Systems and Applications

A Commitment-Consistent Proof of a Shuffle

Contact Info

Product

Resources

About