Proof of a Shuffle for Lattice-Based Cryptography

In this paper we present the first proof of a shuffle for lattice-based cryptography. It can be used to build a universally verifiable mix-net capable of mixing votes encrypted with a post-quantum algorithm, thus achieving long-term privacy. Universal verifiability is achieved by having each mix-node publish a non-interactive zero-knowledge proof of a shuffle that any observer can verify. This published data preserves long-term privacy because its security rests on perfectly hiding commitments, which reveal nothing even to a computationally unbounded adversary, and on the hardness of the Ring Learning With Errors (RLWE) problem, which is widely believed to be quantum resistant.
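As an added illustration (not code from the paper), the following Python sketch shows the mixing step the abstract refers to: ballots encrypted under a toy RLWE public-key scheme pass through several mix-nodes, each of which re-randomises every ciphertext by adding a fresh encryption of zero and then applies a secret permutation, and the output still decrypts to the original ballots in a new order. The ring dimension, modulus and ternary noise are assumptions chosen for readability and are far too small to be secure; the zero-knowledge proof of a shuffle, which is the paper's contribution, is not implemented here.

```python
"""Toy RLWE re-encryption mix-net (added illustration, not the paper's scheme).

Ring R_q = Z_q[x]/(x^N + 1). A ballot is a vector of N bits, encoded as
bit * floor(q/2). Parameters are toy-sized (assumed, NOT secure); they are
chosen so decryption stays correct after several re-encryption layers:
each layer adds at most 2*N + 1 = 33 to any coefficient, and 4 layers
(one encryption plus three mix-nodes) stay well below q/4 = 832.
"""
import random

N = 16          # ring dimension (assumption; real deployments use >= 1024)
Q = 3329        # ciphertext modulus (assumption)
HALF_Q = Q // 2


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Schoolbook product modulo x^N + 1 (negacyclic convolution)."""
    res = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:                      # x^N = -1 wraps with a sign flip
                res[k - N] = (res[k - N] - ai * bj) % Q
    return res


def small_poly(rng):
    """Secret/noise polynomial with coefficients in {-1, 0, 1}."""
    return [rng.choice((-1, 0, 1)) % Q for _ in range(N)]


def uniform_poly(rng):
    return [rng.randrange(Q) for _ in range(N)]


def keygen(rng):
    a = uniform_poly(rng)
    s = small_poly(rng)
    e = small_poly(rng)
    b = poly_add(poly_mul(a, s), e)        # (a, b = a*s + e) is an RLWE sample
    return (a, b), s


def encrypt(pk, bits, rng):
    a, b = pk
    r, e1, e2 = small_poly(rng), small_poly(rng), small_poly(rng)
    m = [HALF_Q * bit for bit in bits]
    u = poly_add(poly_mul(a, r), e1)
    v = poly_add(poly_add(poly_mul(b, r), e2), m)
    return (u, v)


def decrypt(sk, ct):
    u, v = ct
    w = poly_sub(v, poly_mul(u, sk))       # = m*floor(q/2) + small noise
    bits = []
    for c in w:
        if c > Q // 2:                     # centre into (-q/2, q/2]
            c -= Q
        bits.append(1 if abs(c) > Q // 4 else 0)
    return bits


def reencrypt(pk, ct, rng):
    """Homomorphically add an encryption of zero: same plaintext, fresh randomness."""
    zero = encrypt(pk, [0] * N, rng)
    return (poly_add(ct[0], zero[0]), poly_add(ct[1], zero[1]))


def mix_node(pk, cts, rng):
    """One mix-node: re-randomise every ciphertext, then apply a secret permutation."""
    fresh = [reencrypt(pk, ct, rng) for ct in cts]
    perm = list(range(len(cts)))
    rng.shuffle(perm)
    return [fresh[i] for i in perm]


def run_mixnet(ballots, num_nodes=3, seed=1):
    """Encrypt ballots, pass them through num_nodes mix-nodes, decrypt the output."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    cts = [encrypt(pk, bits, rng) for bits in ballots]
    for _ in range(num_nodes):
        cts = mix_node(pk, cts, rng)
    return [decrypt(sk, ct) for ct in cts]


def check_reencryption(seed=1):
    """True iff re-encryption changes the ciphertext but not its plaintext."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    bits = [1, 0] * (N // 2)
    ct = encrypt(pk, bits, rng)
    ct2 = reencrypt(pk, ct, rng)
    return ct2 != ct and decrypt(sk, ct2) == bits


if __name__ == "__main__":
    # Constructed sample ballots: four 16-bit vectors.
    sample = [[1, 0] * 8, [0] * 16, [1] * 16, [0, 1] * 8]
    print("mixed output:", run_mixnet(sample, num_nodes=3, seed=7))
    print("re-encryption hides linkage:", check_reencryption())
```

The point a verifier cares about is that nothing in the output links a ciphertext to its input position: the re-randomisation makes each output ciphertext indistinguishable (under RLWE) from a fresh encryption. What the toy does not provide is any evidence that a node applied an honest permutation rather than dropping or replacing ballots; that is exactly the gap the paper's proof of a shuffle closes.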
