Sub-linear zero-knowledge argument for correctness of a shuffle

Jens Groth; Yuval Ishai

doi:10.1007/978-3-540-78967-3_22

Sub-linear zero-knowledge argument for correctness of a shuffle

Jens Groth, Yuval Ishai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

59 Scopus citations

Abstract

A shuffle of a set of ciphertexts is a new set of ciphertexts with the same plaintexts in permuted order. Shuffles of homomorphic encryptions are a key component in mix-nets, which in turn are used in protocols for anonymization and voting. Since the plaintexts are encrypted it is not directly verifiable whether a shuffle is correct, and it is often necessary to prove the correctness of a shuffle using a zero-knowledge proof or argument. In previous zero-knowledge shuffle arguments from the literature the communication complexity grows linearly with the number of ciphertexts in the shuffle. We suggest the first practical shuffle argument with sub-linear communication complexity. Our result stems from combining previous work on shuffle arguments with ideas taken from probabilistically checkable proofs.

Original language	English
Title of host publication	Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Pages	379-396
Number of pages	18
DOIs	https://doi.org/10.1007/978-3-540-78967-3_22
State	Published - 2008
Externally published	Yes
Event	27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008 - Istanbul, Turkey Duration: 13 Apr 2008 → 17 Apr 2008

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4965 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008
Country/Territory	Turkey
City	Istanbul
Period	13/04/08 → 17/04/08

Keywords

Homomorphic encryption
Mix-net
Shuffle
Sub-linear communication
Zero-knowledge argument

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-540-78967-3_22

Cite this

Groth, J., & Ishai, Y. (2008). Sub-linear zero-knowledge argument for correctness of a shuffle. In Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (pp. 379-396). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4965 LNCS). https://doi.org/10.1007/978-3-540-78967-3_22

Groth, Jens ; Ishai, Yuval. / Sub-linear zero-knowledge argument for correctness of a shuffle. Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. 2008. pp. 379-396 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5e0a9c4914eb4cf18c003a1938cadd13,

title = "Sub-linear zero-knowledge argument for correctness of a shuffle",

abstract = "A shuffle of a set of ciphertexts is a new set of ciphertexts with the same plaintexts in permuted order. Shuffles of homomorphic encryptions are a key component in mix-nets, which in turn are used in protocols for anonymization and voting. Since the plaintexts are encrypted it is not directly verifiable whether a shuffle is correct, and it is often necessary to prove the correctness of a shuffle using a zero-knowledge proof or argument. In previous zero-knowledge shuffle arguments from the literature the communication complexity grows linearly with the number of ciphertexts in the shuffle. We suggest the first practical shuffle argument with sub-linear communication complexity. Our result stems from combining previous work on shuffle arguments with ideas taken from probabilistically checkable proofs.",

keywords = "Homomorphic encryption, Mix-net, Shuffle, Sub-linear communication, Zero-knowledge argument",

author = "Jens Groth and Yuval Ishai",

year = "2008",

doi = "10.1007/978-3-540-78967-3_22",

language = "אנגלית",

isbn = "3540789669",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "379--396",

booktitle = "Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

note = "27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008 ; Conference date: 13-04-2008 Through 17-04-2008",

}

Groth, J & Ishai, Y 2008, Sub-linear zero-knowledge argument for correctness of a shuffle. in Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4965 LNCS, pp. 379-396, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008, Istanbul, Turkey, 13/04/08. https://doi.org/10.1007/978-3-540-78967-3_22

Sub-linear zero-knowledge argument for correctness of a shuffle. / Groth, Jens; Ishai, Yuval.
Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. 2008. p. 379-396 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4965 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Sub-linear zero-knowledge argument for correctness of a shuffle

AU - Groth, Jens

AU - Ishai, Yuval

PY - 2008

Y1 - 2008

N2 - A shuffle of a set of ciphertexts is a new set of ciphertexts with the same plaintexts in permuted order. Shuffles of homomorphic encryptions are a key component in mix-nets, which in turn are used in protocols for anonymization and voting. Since the plaintexts are encrypted it is not directly verifiable whether a shuffle is correct, and it is often necessary to prove the correctness of a shuffle using a zero-knowledge proof or argument. In previous zero-knowledge shuffle arguments from the literature the communication complexity grows linearly with the number of ciphertexts in the shuffle. We suggest the first practical shuffle argument with sub-linear communication complexity. Our result stems from combining previous work on shuffle arguments with ideas taken from probabilistically checkable proofs.

AB - A shuffle of a set of ciphertexts is a new set of ciphertexts with the same plaintexts in permuted order. Shuffles of homomorphic encryptions are a key component in mix-nets, which in turn are used in protocols for anonymization and voting. Since the plaintexts are encrypted it is not directly verifiable whether a shuffle is correct, and it is often necessary to prove the correctness of a shuffle using a zero-knowledge proof or argument. In previous zero-knowledge shuffle arguments from the literature the communication complexity grows linearly with the number of ciphertexts in the shuffle. We suggest the first practical shuffle argument with sub-linear communication complexity. Our result stems from combining previous work on shuffle arguments with ideas taken from probabilistically checkable proofs.

KW - Homomorphic encryption

KW - Mix-net

KW - Shuffle

KW - Sub-linear communication

KW - Zero-knowledge argument

UR - http://www.scopus.com/inward/record.url?scp=44449134147&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-78967-3_22

DO - 10.1007/978-3-540-78967-3_22

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:44449134147

SN - 3540789669

SN - 9783540789666

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 379

EP - 396

BT - Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

T2 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008

Y2 - 13 April 2008 through 17 April 2008

ER -

Groth J, Ishai Y. Sub-linear zero-knowledge argument for correctness of a shuffle. In Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. 2008. p. 379-396. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-78967-3_22

Sub-linear zero-knowledge argument for correctness of a shuffle

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this