Annual International Conference on the Theory and Applications of Cryptographic Techniques

EUROCRYPT 2012: Advances in Cryptology – EUROCRYPT 2012 pp 263-280

Efficient Zero-Knowledge Argument for Correctness of a Shuffle

  • Stephanie Bayer
  • Jens Groth
Conference paper

DOI: 10.1007/978-3-642-29011-4_17

Volume 7237 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

Mix-nets are used in e-voting schemes and other applications that require anonymity. Shuffles of homomorphic encryptions are often used in the construction of mix-nets. A shuffle permutes and re-encrypts a set of ciphertexts, but as the plaintexts are encrypted it is not possible to verify directly whether the shuffle operation was done correctly or not. Therefore, to prove the correctness of a shuffle it is often necessary to use zero-knowledge arguments.

We propose an honest-verifier zero-knowledge argument for the correctness of a shuffle of homomorphic encryptions. The suggested argument has sublinear communication complexity that is much smaller than the size of the shuffle itself. In addition, the suggested argument matches the lowest computation cost for the verifier compared to previous work and also has an efficient prover. As a result, our scheme is significantly more efficient than previous zero-knowledge schemes in the literature.

We give performance measures from an implementation where the correctness of a shuffle of 100,000 ElGamal ciphertexts is proved and verified in around 2 minutes.
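The shuffle operation described in the abstract, sketched as an added example (not code from the paper or its implementation): a toy ElGamal re-encryption shuffle, together with the relation that a shuffle argument has to establish. The group parameters and all function names are assumptions chosen for readability, and the zero-knowledge argument itself is not implemented here.

```python
import secrets

# Constructed toy group (assumption, not from the paper): safe prime P = 2Q + 1,
# G = 4 generates the order-Q subgroup. Far too small for real use.
P, Q, G = 2879, 1439, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m, r=None):
    # m must be an element of the order-Q subgroup, e.g. pow(G, k, P)
    r = secrets.randbelow(Q) if r is None else r
    return (pow(G, r, P), m * pow(pk, r, P) % P)

def decrypt(sk, ct):
    u, v = ct
    return v * pow(u, Q - sk, P) % P  # u has order Q, so u^(Q-sk) = u^(-sk)

def reencrypt(pk, ct, rho):
    # Homomorphic property: multiplying by an encryption of 1 keeps the
    # plaintext and replaces the randomness r with r + rho.
    u, v = ct
    return (u * pow(G, rho, P) % P, v * pow(pk, rho, P) % P)

def shuffle(pk, cts):
    n = len(cts)
    perm = list(range(n))
    for i in range(n - 1, 0, -1):  # Fisher-Yates with a CSPRNG
        j = secrets.randbelow(i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    rhos = [secrets.randbelow(Q) for _ in range(n)]
    out = [reencrypt(pk, cts[perm[i]], rhos[i]) for i in range(n)]
    return out, perm, rhos  # (perm, rhos) is the mixer's secret witness

def opens_correctly(pk, cts, out, perm, rhos):
    # The relation a shuffle argument proves. Checking it by revealing
    # (perm, rhos) would link inputs to outputs and destroy anonymity.
    return (sorted(perm) == list(range(len(cts))) and len(out) == len(cts) and
            all(out[i] == reencrypt(pk, cts[perm[i]], rhos[i])
                for i in range(len(cts))))

def substitute(pk, out, i, m):
    # A dishonest mixer swaps in a fresh encryption of its own plaintext m.
    bad = list(out)
    bad[i] = encrypt(pk, m)
    return bad
```

The list returned by `substitute` is still a list of well-formed ciphertexts, so an observer without the decryption key cannot tell it from an honest shuffle; that is the gap the zero-knowledge argument closes without disclosing `perm` or `rhos`.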

Keywords

Shuffle; zero-knowledge; ElGamal encryption; mix-net; voting; anonymous broadcast

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Stephanie Bayer (1)
  • Jens Groth (1)

  1. University College London, UK