International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: A Sender Verifiable Mix-Net and a New Proof of a Shuffle

Douglas Wikstr?m
Search ePrint
Search Google
Abstract: We introduce the first El Gamal based mix-net in which each mix-server partially decrypts and permutes its input, i.e., no re-encryption is necessary. An interesting property of the construction is that a sender can verify non-interactively that its message is processed correctly. We call this sender verifiability. We prove the security of the mix-net in the UC-framework against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle. Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption. Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.
  title={A Sender Verifiable Mix-Net and a New Proof of a Shuffle},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols, mix-net, anonymous channel, shuffle, electronic election},
  note={ 13033 received 10 May 2005, last revised 7 Sep 2005},
  author={Douglas Wikstr?m},