[Resource Topic] 2005/137: A Sender Verifiable Mix-Net and a New Proof of a Shuffle

Welcome to the resource topic for 2005/137

A Sender Verifiable Mix-Net and a New Proof of a Shuffle

Authors: Douglas Wikström


We introduce the first El Gamal based mix-net in which each mix-server
partially decrypts and permutes its input, i.e., no re-encryption is
necessary. An interesting property of the construction is that a
sender can verify non-interactively that its message is processed
correctly. We call this sender verifiability.

We prove the security of the mix-net in the UC-framework against
static adversaries corrupting any minority of the mix-servers. The
result holds under the decision Diffie-Hellman assumption, and
assuming an ideal bulletin board and an ideal zero-knowledge proof of
knowledge of a correct shuffle.

Then we construct the first proof of a decryption-permutation shuffle,
and show how this can be transformed into a zero-knowledge proof of
knowledge in the UC-framework. The protocol is sound under the strong
RSA-assumption and the discrete logarithm assumption.

Our proof of a shuffle is not a variation of existing methods. It is
based on a novel idea of independent interest, and we argue that it is
at least as efficient as previous constructions.

ePrint: https://eprint.iacr.org/2005/137

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.