Welcome to the resource topic for 2005/137
A Sender Verifiable Mix-Net and a New Proof of a Shuffle
Authors: Douglas WikströmAbstract:
We introduce the first El Gamal based mix-net in which each mix-server
partially decrypts and permutes its input, i.e., no re-encryption is
necessary. An interesting property of the construction is that a
sender can verify non-interactively that its message is processed
correctly. We call this sender verifiability.
We prove the security of the mix-net in the UC-framework against
static adversaries corrupting any minority of the mix-servers. The
result holds under the decision Diffie-Hellman assumption, and
assuming an ideal bulletin board and an ideal zero-knowledge proof of
knowledge of a correct shuffle.
Then we construct the first proof of a decryption-permutation shuffle,
and show how this can be transformed into a zero-knowledge proof of
knowledge in the UC-framework. The protocol is sound under the strong
RSA-assumption and the discrete logarithm assumption.
Our proof of a shuffle is not a variation of existing methods. It is
based on a novel idea of independent interest, and we argue that it is
at least as efficient as previous constructions.
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .