Verifiable shuffles: a formal model and a Paillier-based three-round construction with provable security

A shuffle takes a list of ciphertexts and outputs a permuted list of re-encryptions of the input ciphertexts. Mix-nets, a popular method for anonymous routing, can be constructed from a sequence of shuffles and decryption. We propose a formal model for the security of verifiable shuffles and a new verifiable shuffle system based on the Paillier encryption scheme, and prove its security in the proposed model. The model is general and can be extended to provide provable security for verifiable shuffle decryption.
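As an added example, not code from the paper, the basic shuffle step the abstract describes (permute, then re-encrypt each Paillier ciphertext by multiplying in a fresh encryption of zero) on a constructed toy-size Paillier instance; the function names, the small primes and the key-holder multiset check are assumptions of this example, and that check is only a sanity test, not the paper's zero-knowledge verification.

```python
import random
from math import gcd

# Toy-size Paillier parameters, constructed for this example only; real deployments
# use a modulus of 2048+ bits. Helper names below are this example's own.
def keygen(p=1000003, q=1000033):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # Carmichael lambda(n)
    g = n + 1                                       # standard generator choice
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)  # inverse of L(g^lam) mod n
    return (n, g), (lam, mu)

def encrypt(pk, m, r=None):
    n, g = pk
    n2 = n * n
    if r is None:                                   # fresh randomizer coprime to n
        r = random.randrange(2, n)
        while gcd(r, n) != 1:
            r = random.randrange(2, n)
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    return (((pow(c, lam, n * n) - 1) // n) * mu) % n

def reencrypt(pk, c):
    """Same plaintext, new ciphertext: homomorphically add an encryption of 0."""
    n, _ = pk
    return (c * encrypt(pk, 0)) % (n * n)

def shuffle(pk, cts, perm=None):
    """Mix-server step: output a permuted list of re-encryptions of cts."""
    if perm is None:
        perm = random.sample(range(len(cts)), len(cts))
    return [reencrypt(pk, cts[i]) for i in perm], perm

def plaintext_multiset_preserved(pk, sk, cts_in, cts_out):
    """Key-holder sanity check: the shuffle changed ciphertexts but not the
    multiset of plaintexts. A verifiable shuffle proves this without the key."""
    before = sorted(decrypt(pk, sk, c) for c in cts_in)
    after = sorted(decrypt(pk, sk, c) for c in cts_out)
    return before == after
```

Without the decryption key, an observer sees only fresh-looking ciphertexts on the output side, which is what breaks the link between input and output positions.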
