Verifiable Shuffled Decryption

We describe the Verifiable Shuffled Decryption problem and present five solutions obtained by adapting several existing verifiable shuffles. All but one may have potential for implementation; the choice among them would depend on the required level of security and on the computational restrictions imposed by the available hardware.
