We prove the security of the mix-net in the UC-framework against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle.
Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption.
Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.
Category / Keywords: cryptographic protocols, mix-net, anonymous channel, shuffle, electronic election
Date: received 10 May 2005, last revised 19 Mar 2009
Contact author: dog at nada kth se
Note: Corrected error in proof of soundness/proof of knowledge.
Version: 20090319:143124