We prove the security of the mix-net in the UC-framework against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle.
Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption.
Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.
Category / Keywords: cryptographic protocols, mix-net, anonymous channel, shuffle, electronic election Date: received 10 May 2005, last revised 24 Oct 2011 Contact author: dog at nada kth se Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation Note: Kun Peng claims, http://arxiv.org/abs/1101.5449 (International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.1, January 2011) that the soundness of this protocol fails. This claim, and the other claims he makes about zero-knowledge and "correctness" are wrong.
Before you decide to cite these wrong claims, make sure you read and understand my paper and please do not hesitate to contact me if something is not clear.Version: 20111024:164755 (All versions of this report) Short URL: ia.cr/2005/137 Discussion forum: Show discussion | Start new discussion