Lattice-based proof of a shuffle

In this paper we present the first fully post-quantum proof of a shuffle for RLWE encryption schemes. Shuffles are commonly used to construct mixing networks (mix-nets), a key building block for anonymity in many applications such as electronic voting systems. To guarantee long-term privacy, they should preserve anonymity even against an adversary equipped with a quantum computer. The proof presented in this paper is built over RLWE commitments, which are perfectly binding and computationally hiding under the RLWE assumption, and so achieves security in a post-quantum scenario. Furthermore, we give a new definition of a secure mixing node (mix-node) and prove that our construction satisfies it.
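To make concrete what a mix-node does and why a proof of a shuffle is needed, here is an added toy example (written for this page, not code from the paper or its authors). It uses a textbook RLWE encryption scheme over Z_q[x]/(x^N + 1) with toy parameters N = 16, q = 7681 (far too small for real security), a mix-node that permutes its input ciphertexts and re-randomizes each one by homomorphically adding a fresh encryption of zero, and two checks: that an observer who sees only permuted-but-not-re-randomized ciphertexts can link every output to its input, and that re-randomization removes that link. The zero-knowledge proof that the node shuffled correctly, which is the paper's contribution, is not implemented here; `shuffle_preserves_plaintexts` verifies correctness by decrypting with the secret key, which a public verifier cannot do, and that gap is exactly what the proof of a shuffle closes. All names, parameters and sample messages below are this example's own assumptions.

```python
import random

N = 16     # ring dimension, toy size (assumed parameter, not from the paper)
Q = 7681   # modulus, toy size; a real deployment needs much larger N and q


def poly_add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]


def poly_sub(f, g):
    return [(x - y) % Q for x, y in zip(f, g)]


def poly_mul(f, g):
    """Multiply in Z_q[x]/(x^N + 1): negacyclic convolution, O(N^2) is fine for a toy."""
    res = [0] * N
    for i, fi in enumerate(f):
        if fi == 0:
            continue
        for j, gj in enumerate(g):
            k = i + j
            if k < N:
                res[k] = (res[k] + fi * gj) % Q
            else:                      # x^N = -1 wraps the high coefficients with a sign flip
                res[k - N] = (res[k - N] - fi * gj) % Q
    return res


def small_poly(rng):
    """Ternary 'small' polynomial, used for secrets, errors and commitment/encryption randomness."""
    return [rng.choice((-1, 0, 1)) % Q for _ in range(N)]


def uniform_poly(rng):
    return [rng.randrange(Q) for _ in range(N)]


def keygen(rng):
    a, s, e = uniform_poly(rng), small_poly(rng), small_poly(rng)
    b = poly_add(poly_mul(a, s), e)    # (a, b) is an RLWE sample; s is the secret key
    return (a, b), s


def encrypt(pk, m_bits, rng):
    """LPR-style RLWE encryption of an N-bit message, one bit per coefficient."""
    a, b = pk
    r, e1, e2 = small_poly(rng), small_poly(rng), small_poly(rng)
    u = poly_add(poly_mul(a, r), e1)
    scaled = [(Q // 2) * bit % Q for bit in m_bits]
    v = poly_add(poly_add(poly_mul(b, r), e2), scaled)
    return (u, v)


def decrypt(sk, ct):
    u, v = ct
    t = poly_sub(v, poly_mul(u, sk))   # = e*r + e2 - e1*s + (q/2)*m, noise well below q/4 here
    bits = []
    for x in t:
        centered = x if x <= Q // 2 else x - Q
        bits.append(1 if abs(centered) > Q // 4 else 0)
    return bits


def ct_add(c1, c2):
    """Additive homomorphism: Enc(m1) + Enc(m2) = Enc(m1 + m2), used with m2 = 0 to re-randomize."""
    return (poly_add(c1[0], c2[0]), poly_add(c1[1], c2[1]))


def mix_node(pk, cts, rng, rerandomize=True):
    """One mix-node: apply a secret permutation and (optionally) re-randomize every ciphertext."""
    perm = list(range(len(cts)))
    rng.shuffle(perm)
    out = []
    for i in perm:
        c = cts[i]
        if rerandomize:
            c = ct_add(c, encrypt(pk, [0] * N, rng))
        out.append(c)
    return out, perm


def link_by_equality(inputs, outputs):
    """What a passive observer can do: map each output to an identical input, if one exists."""
    return {j: i for j, c in enumerate(outputs) for i, c_in in enumerate(inputs) if c == c_in}


def shuffle_preserves_plaintexts(sk, inputs, outputs):
    """Trusted-decryption check of the shuffle; a real verifier has no sk, hence the ZK proof."""
    return sorted(decrypt(sk, c) for c in inputs) == sorted(decrypt(sk, c) for c in outputs)


def demo(seed=1):
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    msgs = [[rng.randrange(2) for _ in range(N)] for _ in range(5)]   # constructed sample ballots
    cts = [encrypt(pk, m, rng) for m in msgs]
    mixed, _ = mix_node(pk, cts, rng)                       # proper mix-node
    permuted_only, perm = mix_node(pk, cts, rng, rerandomize=False)   # broken mix-node
    return {
        "roundtrip": all(decrypt(sk, c) == m for c, m in zip(cts, msgs)),
        "multiset_preserved": shuffle_preserves_plaintexts(sk, cts, mixed),
        "links_without_rerand": link_by_equality(cts, permuted_only) == dict(enumerate(perm)),
        "links_with_rerand": link_by_equality(cts, mixed),  # {} : nothing to link
    }
```

The noise budget is the check to keep in mind when chaining nodes: each re-randomization adds another fresh RLWE error term, so with the toy bounds here (ternary secrets and errors) the accumulated noise after k mix-nodes is at most about (2N + 1)(k + 1), which must stay below q/4 for decryption to succeed.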
