Paper 2019/1420

A Non-Interactive Shuffle Argument With Low Trust Assumptions

Antonis Aggelakis, Prastudy Fauzi, Georgios Korfiatis, Panos Louridas, Foteinos Mergoupis-Anagnou, Janno Siim, and Michal Zajac


A shuffle argument is a cryptographic primitive for proving correct behaviour of mix-networks without leaking any private information. Several recent constructions of non-interactive shuffle arguments avoid the random oracle model but require the public key to be trusted. We augment the most efficient argument by Fauzi et al. [Asiacrypt 2017] with a distributed key generation protocol that assures soundness of the argument if at least one party in the protocol is honest and additionally provide a key verification algorithm which guarantees zero-knowledge even if all the parties are malicious. Furthermore, we simplify their construction and improve security by using weaker assumptions while retaining roughly the same level of efficiency. We also provide an implementation to the distributed key generation protocol and the shuffle argument.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. CT-RSA 2020
subversion securitynon-interactive zero-knowledgeshufflesecure multi-party computation
Contact author(s)
jannosiim @ gmail com
m p zajac @ gmail com
prastudy fauzi @ gmail com
louridas @ grnet gr
2019-12-10: received
Short URL
Creative Commons Attribution


      author = {Antonis Aggelakis and Prastudy Fauzi and Georgios Korfiatis and Panos Louridas and Foteinos Mergoupis-Anagnou and Janno Siim and Michal Zajac},
      title = {A Non-Interactive Shuffle Argument With Low Trust Assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1420},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.