International Association for Cryptologic Research

CryptoDB

A Sender Verifiable Mix-Net and a New Proof of a Shuffle

Authors:
Douglas Wikström
Download:
URL: http://eprint.iacr.org/2005/137
Abstract: We introduce the first El Gamal based mix-net in which each mix-server partially decrypts and permutes its input, i.e., no re-encryption is necessary. An interesting property of the construction is that a sender can verify non-interactively that its message is processed correctly. We call this sender verifiability. We prove the security of the mix-net in the UC-framework against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle. Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption. Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.
BibTeX
@misc{eprint-2005-12473,
  title={A Sender Verifiable Mix-Net and a New Proof of a Shuffle},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols, mix-net, anonymous channel, shuffle, electronic election},
  url={http://eprint.iacr.org/2005/137},
  note={ dog@nada.kth.se 13033 received 10 May 2005, last revised 7 Sep 2005},
  author={Douglas Wikström},
  year=2005
}