A sender verifiable mix-net and a new proof of a shuffle
2005 (English). In: ADVANCES IN CRYPTOLOGY ASIACRYPT 200 / [ed] Roy, B, BERLIN: SPRINGER-VERLAG BERLIN, 2005, Vol. 3788, 273-292 p. Conference paper (Refereed)
We introduce the first El Gamal based mix-net in which each mix-server partially decrypts and permutes its input, i.e., no reencryption is necessary. An interesting property of the construction is that a sender can verify non-interactively that its message is processed correctly. We call this sender verifiability. The mix-net is provably UC-secure against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle. Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption. Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.
Place, publisher, year, edition, pages
BERLIN: SPRINGER-VERLAG BERLIN, 2005. Vol. 3788, 273-292 p.
LECTURE NOTES IN COMPUTER SCIENCE, ISSN 0302-9743; 3788
Identifiers: URN: urn:nbn:se:kth:diva-42690; ISI: 000234879200015; ScopusID: 2-s2.0-33646794034; ISBN: 3-540-30684-6; OAI: oai:DiVA.org:kth-42690; DiVA: diva2:447503
11th International Conference on the Theory and Application of Cryptology and Information Security. Chennai, INDIA. DEC 04-08, 2005
QC 20111011. 2011-10-12, 2011-10-11, 2012-01-20. Bibliographically approved