Efficient Zero-Knowledge Argument for Correctness of a Shuffle
- Stephanie BayerAffiliated withUniversity College London
- , Jens GrothAffiliated withUniversity College London
Mix-nets are used in e-voting schemes and other applications that require anonymity. Shuffles of homomorphic encryptions are often used in the construction of mix-nets. A shuffle permutes and re-encrypts a set of ciphertexts, but as the plaintexts are encrypted it is not possible to verify directly whether the shuffle operation was done correctly or not. Therefore, to prove the correctness of a shuffle it is often necessary to use zero-knowledge arguments.
We propose an honest verifier zero-knowledge argument for the correctness of a shuffle of homomorphic encryptions. The suggested argument has sublinear communication complexity that is much smaller than the size of the shuffle itself. In addition the suggested argument matches the lowest computation cost for the verifier compared to previous work and also has an efficient prover. As a result our scheme is significantly more efficient than previous zero-knowledge schemes in literature.
We give performance measures from an implementation where the correctness of a shuffle of 100,000 ElGamal ciphertexts is proved and verified in around 2 minutes.
KeywordsShuffle zero-knowledge ElGamal encryption mix-net voting anonymous broadcast
- Efficient Zero-Knowledge Argument for Correctness of a Shuffle
- Book Title
- Advances in Cryptology – EUROCRYPT 2012
- Book Subtitle
- 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15-19, 2012. Proceedings
- pp 263-280
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- International Association for Cryptologic Research
- Additional Links
- ElGamal encryption
- anonymous broadcast
- Industry Sectors
To view the rest of this content please follow the download PDF link above.