Verifiable Shuffle of Large Size Ciphertexts

A shuffle is a permutation and rerandomization of a set of ciphertexts. Among other things, it can be used to construct mix-nets that are used in anonymization protocols and voting schemes. While shuffling is easy, it is hard for an outsider to verify that a shuffle has been performed correctly. We suggest two efficient honest verifier zero-knowledge (HVZK) arguments for correctness of a shuffle. Our goal is to minimize round-complexity and at the same time have low communicational and computational complexity. The two schemes we suggest are both 3-move HVZK arguments for correctness of a shuffle. We first suggest a HVZK argument based on homomorphic integer commitments, and improve both on round complexity, communication complexity and computational complexity in comparison with state of the art. The second HVZK argument is based on homomorphic commitments over finite fields. Here we improve on the computational complexity and communication complexity when shuffling large ciphertexts.

[1]  Masayuki Abe,et al.  Mix-Networks on Permutation Networks , 1999, ASIACRYPT.

[2]  Douglas Wikström,et al.  A Sender Verifiable Mix-Net and a New Proof of a Shuffle , 2005, ASIACRYPT.

[3]  Jun Furukawa Efficient and Verifiable Shuffling and Shuffle-Decryption , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[4]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[5]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[6]  Kazue Sako,et al.  An Efficient Scheme for Proving a Shuffle , 2001, CRYPTO.

[7]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[8]  Masayuki Abe,et al.  Remarks on Mix-Network Based on Permutation Networks , 2001, Public Key Cryptography.

[9]  A. Maximov,et al.  Fast computation of large distributions and its cryptographic applications , 2005 .

[10]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[11]  N. S. Barnett,et al.  Private communication , 1969 .

[12]  Jens Groth,et al.  Cryptography in Subgroups of Z ∗ n , 2005 .

[13]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[14]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[15]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[16]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[17]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[18]  Niklaus Wirth,et al.  Advances in Cryptology — EUROCRYPT ’88 , 2000, Lecture Notes in Computer Science.

[19]  Reihaneh Safavi-Naini,et al.  A Provably Secure and Efficient Verifiable Shuffle based on a Variant of the Paillier Cryptosystem , 2005, J. Univers. Comput. Sci..

[20]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[21]  Yuliang Zheng,et al.  Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[22]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[23]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[24]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[25]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[26]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[27]  Walter M. Lioen,et al.  Factorization of RSA-140 Using the Number Field Sieve , 1999, CRYPTO 1999.

[28]  Georg Gottlob,et al.  Database Theory — ICDT '95 , 1995, Lecture Notes in Computer Science.

[29]  Reihaneh Safavi-Naini,et al.  Verifiable Shuffles: A Formal Model and a Paillier-Based Efficient Construction with Provable Security , 2004, ACNS.

[30]  Ed Dawson,et al.  Simple and Efficient Shuffling with Provable Correctness and ZK Privacy , 2005, CRYPTO.

[31]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[32]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[33]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[34]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.