## A Shuffle Argument Secure in the Generic Model

Prastudy Fauzi, Helger Lipmaa and Michał Zając. A Shuffle Argument Secure in the Generic Model. In Jung Hee Cheon and Tsuyoshi Takagi, editors, *ASIACRYPT (2) 2016*, volume 10032 of *Lecture Notes in Computer Science*, pages 841--872, Hanoi, Vietnam, December 4--8, 2016. Springer, Heidelberg.

**File:**
[.pdf (667 KB)] __pdf recommended__.

**Abstract**:

A NIZK shuffle argument enables a mix-server to prove in zero knowledge that she has correctly shuffled and rerandomized her input ciphertexts. We propose a new random oracle-less NIZK shuffle argument. It has a simple structure, where the first verification equation ascertains that the prover has committed to a permutation matrix, the second verification equation ascertains that the same permutation was used to permute the ciphertexts, and the third verification equation ascertains that input ciphertexts were "correctly" formed. The new argument has $4$ times more efficient verification than the up to now most efficient shuffle argument by Fauzi and Lipmaa (CT-RSA 2016). Compared to the Fauzi-Lipmaa shuffle argument, we (i) remove the use of knowledge assumptions and prove our scheme is sound in the generic bilinear group model, and (ii) prove standard soundness, instead of culpable soundness.

**Keywords:** Common reference string, bilinear pairings, generic bilinear group model, mix-net, shuffle argument, zero knowledge.

Page by Helger Lipmaa. Send your inquiries to `<helger.lipmaa>gmail.com`.