Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle

A shuffle of a set of ciphertexts is a new set of ciphertexts with the same plaintexts in permuted order. Shuffles of homomorphic encryptions are a key component in mix-nets, which in turn are used in protocols for anonymization and voting. Since the plaintexts are encrypted, it is not directly verifiable whether a shuffle is correct, and it is often necessary to prove the correctness of a shuffle using a zero-knowledge proof or argument. In previous zero-knowledge shuffle arguments from the literature, the communication complexity grows linearly with the number of ciphertexts in the shuffle. We suggest the first practical shuffle argument with sub-linear communication complexity. Our result stems from combining previous work on shuffle arguments with ideas taken from probabilistically checkable proofs.
Jens Groth, Yuval Ishai
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Authors Jens Groth, Yuval Ishai