Skip to main content

Advertisement

Springer Nature Link
Log in
Menu
Find a journal Publish with us Track your research
Search
Saved research
Cart
  1. Home
  2. Advances in Cryptology – EUROCRYPT 2008
  3. Conference paper

Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle

  • Conference paper
  • pp 379–396
  • Cite this conference paper
Save conference paper
View saved research
Advances in Cryptology – EUROCRYPT 2008 (EUROCRYPT 2008)
Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle
  • Jens Groth1 &
  • Yuval Ishai2 

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4965))

Included in the following conference series:

  • Annual International Conference on the Theory and Applications of Cryptographic Techniques
  • 3661 Accesses

  • 65 Citations

  • 6 Altmetric

Abstract

A shuffle of a set of ciphertexts is a new set of ciphertexts with the same plaintexts in permuted order. Shuffles of homomorphic encryptions are a key component in mix-nets, which in turn are used in protocols for anonymization and voting. Since the plaintexts are encrypted it is not directly verifiable whether a shuffle is correct, and it is often necessary to prove the correctness of a shuffle using a zero-knowledge proof or argument.

In previous zero-knowledge shuffle arguments from the literature the communication complexity grows linearly with the number of ciphertexts in the shuffle. We suggest the first practical shuffle argument with sub-linear communication complexity. Our result stems from combining previous work on shuffle arguments with ideas taken from probabilistically checkable proofs.

Download to read the full chapter text

Chapter PDF

Similar content being viewed by others

A Non-interactive Shuffle Argument with Low Trust Assumptions

Chapter © 2020

Shuffle Arguments Based on Subset-Checking

Chapter © 2024

Efficient Succinct Zero-Knowledge Arguments in the CL Framework

Article 03 January 2025

Explore related subjects

Discover the latest articles, books and news in related subjects, suggested using machine learning.
  • Complexity
  • Cryptology
  • Data Structures and Information Theory
  • Logic gates
  • Linear Logic
  • Blockchain
  • Card-Based Cryptographic Protocols and Secure Computation

References

  1. Abe, M.: Universally verifiable mix-net with verification work independent of the number of mix-servers. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 437–447. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  2. Abe, M., Hoshino, F.: Remarks on mix-network based on permutation networks. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 317–324. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M.: Proof verification and the hardness of approximation problems. Journal of the ACM 45(3), 501–555 (1998)

    Article  MATH  MathSciNet  Google Scholar 

  4. Arora, S., Safra, S.: Probabilistic checking of proofs: A new characterization of NP. Journal of the ACM 45(1), 70–122 (1998)

    Article  MATH  MathSciNet  Google Scholar 

  5. Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993)

    Google Scholar 

  6. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS, pp. 62–73 (1993)

    Google Scholar 

  7. Ben-Sasson, E., Goldreich, O., Harsha, P., Sudan, M., Vadhan, S.P.: Short PCPs verifiable in polylogarithmic time. In: IEEE Conference on Computational Complexity, pp. 120–134 (2005)

    Google Scholar 

  8. Brassard, G., Chaum, D., Crèpeau, C.: Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences 37(2), 156–189 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  9. Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)

    Google Scholar 

  10. Damgård, I.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 418–430. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  11. Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  12. Dinur, I.: The PCP theorem by gap amplification. Journal of the ACM 54(3) (2007)

    Google Scholar 

  13. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)

    Article  MATH  MathSciNet  Google Scholar 

  14. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1986)

    Google Scholar 

  15. Furukawa, J.: Efficient and verifiable shuffling and shuffle-decryption. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 88-A(1), 172–188 (2005)

    Google Scholar 

  16. Furukawa, J., Miyauchi, H., Mori, K., Obana, S., Sako, K.: An implementation of a universally verifiable electronic voting scheme based on shuffling. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 16–30. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  17. Furukawa, J., Sako, K.: An efficient scheme for proving a shuffle. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 368–387. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  18. Garay, J.A., MacKenzie, P.D., Yang, K.: Strengthening zero-knowledge protocols using signatures. Journal of Cryptology 19(2), 169–209 (2006)

    Article  MATH  MathSciNet  Google Scholar 

  19. Goldwasser, S., Kalai, Y.T.: On the (in)security of the Fiat-Shamir paradigm. In: FOCS, pp. 102–113 (2003), http://eprint.iacr.org/2003/034

  20. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proofs. SIAM Journal of Computing 18(1), 186–208 (1989)

    Article  MATH  MathSciNet  Google Scholar 

  21. Groth, J.: A verifiable secret shuffle of homomorphic encryptions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 145–160. Springer, Heidelberg (2002), http://eprint.iacr.org/2005/246

    Chapter  Google Scholar 

  22. Groth, J.: Honest verifier zero-knowledge arguments applied. Dissertation Series DS-04-3, BRICS, PhD thesis. pp. xii+119 (2004)

    Google Scholar 

  23. Groth, J., Ishai, Y.: Sub-linear zero-knowledge argument for correctness of a shuffle (2008), http://www.brics.dk/~jg/PCPShuffle.pdf

  24. Groth, J., Lu, S.: Verifiable shuffle of large size ciphertexts. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 377–392. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  25. Ishai, Y., Kushilevitz, E., Ostrovsky, R.: Efficient arguments without short PCPs. In: CCC, pp. 278–291 (2007)

    Google Scholar 

  26. Kilian, J.: A note on efficient zero-knowledge proofs and arguments. In: STOC, pp. 723–732 (1992)

    Google Scholar 

  27. Lim, C.H.: Efficient multi-exponentiation and application to batch verification of digital signatures (2000), http://dasan.sejong.ac.kr/~chlim/pub/multi_exp.ps

  28. Lindell, Y.: Parallel coin-tossing and constant-round secure two-party computation. Journal of Cryptology 16(3), 143–184 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  29. Micali, S.: Computationally sound proofs. SIAM Journal of Computing 30(4), 1253–1298 (2000)

    Article  MATH  MathSciNet  Google Scholar 

  30. Neff, C.A.: A verifiable secret shuffle and its application to e-voting. In: ACM CCS, pp. 116–125 (2001)

    Google Scholar 

  31. Neff, C.A.: Verifiable mixing (shuffling) of ElGamal pairs (2003), http://www.votehere.net/vhti/documentation/egshuf.pdf

  32. Nguyen, L., Safavi-Naini, R., Kurosawa, K.: A provably secure and effcient verifiable shuffle based on a variant of the Paillier cryptosystem. Journal of Universal Computer Science 11(6), 986–1010 (2005)

    MathSciNet  Google Scholar 

  33. Nguyen, L., Safavi-Naini, R., Kurosawa, K.: Verifiable shuffles: a formal model and a Paillier-based three-round construction with provable security. International Journal of Information Security 5(4), 241–255 (2006)

    Article  Google Scholar 

  34. Onodera, T., Tanaka, K.: Shufle for Paillier’s encryption scheme. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E88-A(5), 1241–1248 (2005)

    Google Scholar 

  35. Paillier, P.: Public-key cryptosystems based on composite residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–239. Springer, Heidelberg (1999)

    Google Scholar 

  36. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)

    Google Scholar 

  37. Sako, K., Kilian, J.: Receipt-free mix-type voting scheme - a practical solution to the implementation of a voting booth. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995)

    Google Scholar 

  38. Wikström, D.: A sender verifiable mix-net and a new proof of a shuffle. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 273–292. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University College London,  

    Jens Groth

  2. Technion and University of California Los Angeles,  

    Yuval Ishai

Authors
  1. Jens Groth
    View author publications

    Search author on:PubMed Google Scholar

  2. Yuval Ishai
    View author publications

    Search author on:PubMed Google Scholar

Editor information

Nigel Smart

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Groth, J., Ishai, Y. (2008). Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle. In: Smart, N. (eds) Advances in Cryptology – EUROCRYPT 2008. EUROCRYPT 2008. Lecture Notes in Computer Science, vol 4965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78967-3_22

Download citation

  • .RIS
  • .ENW
  • .BIB
  • DOI: https://doi.org/10.1007/978-3-540-78967-3_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78966-6

  • Online ISBN: 978-3-540-78967-3

  • eBook Packages: Computer ScienceComputer Science (R0)Springer Nature Proceedings Computer Science

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Keywords

  • Shuffle
  • zero-knowledge argument
  • sub-linear communication
  • homomorphic encryption
  • mix-net

Publish with us

Policies and ethics

Search

Navigation

  • Find a journal
  • Publish with us
  • Track your research

Footer Navigation

Discover content

  • Journals A-Z
  • Books A-Z
  • Subjects A-Z

Publish with us

  • Journal finder
  • Publish your research
  • Language editing
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our brands

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Discover

Corporate Navigation

  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support
  • Legal notice
  • Cancel contracts here

104.23.243.59

Not affiliated

Springer Nature

© 2026 Springer Nature