Cryptology ePrint Archive: Report 2018/027

A verifiable shuffle for the GSW cryptosystem

Martin Strand

Abstract: We provide the first verifiable shuffle specifically for fully homomorphic schemes. A verifiable shuffle is a way to ensure that if a node receives and sends encrypted lists, the content will be the same, even though no adversary can trace individual list items through the node. Shuffles are useful in e-voting, traffic routing and other applications.

We build our shuffle on the ideas and techniques of Groth's 2010 shuffle, but make necessary modifications for a less ideal setting where the randomness and ciphertexts admit no group structure.

The protocol relies heavily on the properties of the so-called gadget matrices, so we have included a detailed introduction to these.

Category / Keywords: cryptographic protocols / verifiable shuffle, fully homomorphic encryption, post-quantum

Original Publication (with minor differences): 3rd Workshop on Advances in Secure Electronic Voting Schemes

Date: received 7 Jan 2018

Contact author: martin strand at ntnu no


Version: 20180107:163842
