Published: 2009.07.31


We use an idea from linear representations of the symmetric group to reduce the number of communication rounds in the shuffle verification protocol proposed by Peng et al. at Crypto 2005. We assume the Paillier encryption scheme, with which we can apply several known zero-knowledge proofs, following the same line of approach as Peng et al. Incidence matrices of 1-subsets and 2-subsets of a finite set are used intensively in the implementation, and the idea of $\lambda$-designs is employed to improve the computational complexity.
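The page carries only the abstract and its bibliography, so the following Python block is an added illustration by the editor, not the paper's construction, of two objects the abstract names: a Paillier re-encryption shuffle together with the homomorphic consistency check it admits (the private key is used only to make the plaintext equality visible), and the incidence matrix of 1-subsets versus 2-subsets of a finite set with its equivariance under a permutation, which is the representation-theoretic fact behind the phrase "linear representations of the symmetric group". Function names, the toy 20-bit primes, the sample plaintexts and the sample permutation are assumptions made for the example; the key size gives no security.

```python
"""Added illustration (not from the paper): Paillier re-encryption shuffle and
the incidence matrix of 1-subsets vs 2-subsets under a permutation.
Toy parameters only; nothing here is secure."""
import secrets
from itertools import combinations
from math import gcd


def next_prime(start):
    """Smallest prime >= start, by trial division (fine for 20-bit demo sizes)."""
    n = max(start, 2)
    while True:
        if all(n % d for d in range(2, int(n ** 0.5) + 1)):
            return n
        n += 1


# Toy Paillier key: two ~20-bit primes (assumption for the demo; real keys are ~1024-bit).
P = next_prime(1_000_000)
Q = next_prime(P + 1)
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM % N, -1, N)                       # L(g^LAM mod N^2)^-1 with g = N+1


def rand_unit():
    """Encryption randomness r in Z_N^*."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            return r


def encrypt(m, r=None):
    """Enc(m; r) = (1+N)^m * r^N mod N^2."""
    r = rand_unit() if r is None else r
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2


def decrypt(c):
    return ((pow(c, LAM, N2) - 1) // N * MU) % N


def reencrypt(c):
    """Multiply by a fresh encryption of 0: same plaintext, new randomness."""
    return (c * encrypt(0)) % N2


def shuffle(cts, perm):
    """Output j is a re-encryption of input perm[j]; perm is the mix's secret."""
    return [reencrypt(cts[perm[j]]) for j in range(len(cts))]


def product(cts):
    out = 1
    for c in cts:
        out = (out * c) % N2
    return out


def sum_check(inputs, outputs):
    """Degree-1 consistency: product of inputs and product of outputs encrypt
    the same plaintext sum.  Necessary for an honest shuffle but not sufficient:
    equal sums do not force the outputs to be a permutation of the inputs."""
    return decrypt(product(inputs)) == decrypt(product(outputs))


def incidence_1_vs_2(n):
    """W[i][k] = 1 iff point i lies in the k-th 2-subset of {0,...,n-1}."""
    pairs = list(combinations(range(n), 2))
    return [[int(i in pr) for pr in pairs] for i in range(n)], pairs


def perm_matrix(perm, objects, act):
    """Matrix of the action: column of x carries a 1 in the row of act(perm, x)."""
    idx = {x: k for k, x in enumerate(objects)}
    M = [[0] * len(objects) for _ in objects]
    for x in objects:
        M[idx[act(perm, x)]][idx[x]] = 1
    return M


def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]


def intertwines(n, perm):
    """P1 W == W P2: W is equivariant for the S_n actions on points and on pairs."""
    W, pairs = incidence_1_vs_2(n)
    P1 = perm_matrix(perm, list(range(n)), lambda s, i: s[i])
    P2 = perm_matrix(perm, pairs, lambda s, pr: tuple(sorted((s[pr[0]], s[pr[1]]))))
    return matmul(P1, W) == matmul(W, P2)


def pair_counts(n):
    """(W W^T)[i][j] = number of 2-subsets containing both i and j:
    n-1 on the diagonal and 1 off it."""
    W, _ = incidence_1_vs_2(n)
    return matmul(W, [list(col) for col in zip(*W)])
```

The `sum_check` failure case is the point to notice: the constructed outputs 0, 0, 6 pass the degree-1 check against inputs 1, 2, 3 without being a shuffle of them, so a verifier needs relations of higher degree than the sum, which is where subsets of size 2 enter. The `intertwines` check is the statement that the incidence matrix commutes with the permutation action on points and on pairs for every permutation, not just the sample one.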


  1. M. Abe, Mix-networks on permutation networks, Advances in Cryptology - ASIACRYPT '99, 258–273, Lecture Notes in Computer Science, vol. 1716, Springer, 1999
  2. P. J. Cameron and J. H. van Lint, Designs, Graphs, Codes and Their Links, London Mathematical Society Student Texts, vol. 22, Cambridge University Press, 1991
  3. D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Commun. ACM 24 (1981), no. 2, 84–88
  4. G. Danezis, Mix-networks with restricted routes, Privacy Enhancing Technologies - PET 2003 (R. Dingledine, ed.), 1–17, Lecture Notes in Computer Science, vol. 2760, Springer, 2003
  5. G. Danezis, R. Dingledine, and N. Mathewson, Mixminion: Design of a Type III anonymous remailer protocol, IEEE Symposium on Security and Privacy, 2–15, IEEE Computer Society, 2003
  6. C. Diaz, S. Seys, J. Claessens, and B. Preneel, Towards measuring anonymity, in Dingledine and Syverson [9], 54–68
  7. R. Dingledine, M. J. Freedman, D. Hopwood, and D. Molnar, A reputation system to increase mix-net reliability, Information Hiding - IH 2001 (I. S. Moskowitz, ed.), 126–141, Lecture Notes in Computer Science, vol. 2137, Springer, 2001
  8. R. Dingledine, N. Mathewson, and P. F. Syverson, Tor: The second-generation onion router, USENIX Security Symposium, 303–320, USENIX, 2004
  9. R. Dingledine and P. F. Syverson (eds.), Privacy Enhancing Technologies, Second International Workshop, PET 2002, San Francisco, CA, USA, April 14–15, 2002, Revised Papers, Lecture Notes in Computer Science, vol. 2482, Springer, 2003
  10. W. Fulton and J. Harris, Representation Theory: A First Course, Graduate Texts in Mathematics, vol. 129, Springer, 1991
  11. J. Furukawa and K. Sako, An efficient scheme for proving a shuffle, Advances in Cryptology - CRYPTO 2001, 368–387, Lecture Notes in Computer Science, vol. 2139, Springer, 2001
  12. P. Golle, M. Jakobsson, A. Juels, and P. F. Syverson, Universal re-encryption for mixnets, Topics in Cryptology - CT-RSA 2004, 163–178, Lecture Notes in Computer Science, vol. 2964, Springer, 2004
  13. J. Groth, A verifiable secret shuffle of homomorphic encryptions, Public Key Cryptography - PKC 2003, 145–160, Lecture Notes in Computer Science, vol. 2567, Springer, 2002
  14. J. Groth and S. Lu, Verifiable shuffle of large size ciphertexts, Public Key Cryptography - PKC 2007, 377–392, Lecture Notes in Computer Science, vol. 4450, Springer, 2007
  15. M. Mitomo and K. Kurosawa, Attack for flash MIX, Advances in Cryptology - ASIACRYPT 2000, 192–204, Lecture Notes in Computer Science, vol. 1976, Springer, 2000
  16. L. Nguyen, R. Safavi-Naini, and K. Kurosawa, Verifiable shuffles: A formal model and a Paillier-based efficient construction with provable security, Applied Cryptography and Network Security - ACNS 2004 (M. Jakobsson, M. Yung, and J. Zhou, eds.), 61–75, Lecture Notes in Computer Science, vol. 3089, Springer, 2004
  17. W. Ogata, K. Kurosawa, K. Sako, and K. Takatani, Fault tolerant anonymous channel, Information and Communications Security - ICICS '97, 440–444, Lecture Notes in Computer Science, vol. 1334, Springer, 1997
  18. P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, Advances in Cryptology - EUROCRYPT '99, 223–238, Lecture Notes in Computer Science, vol. 1592, Springer, 1999
  19. K. Peng, C. Boyd, and E. Dawson, Simple and efficient shuffling with provable correctness and ZK privacy, Advances in Cryptology - CRYPTO 2005, 188–204, Lecture Notes in Computer Science, vol. 3621, Springer, 2005
  20. K. Peng, C. Boyd, E. Dawson, and K. Viswanathan, A correct, private, and efficient mix network, Public Key Cryptography - PKC 2004, 439–454, Lecture Notes in Computer Science, vol. 2947, Springer, 2004
  21. B. Pfitzmann, M. Schunter, and M. Waidner, How to break another provably secure payment system, Advances in Cryptology - EUROCRYPT '95, 121–132, 1995
  22. B. E. Sagan, The Symmetric Group: Representations, Combinatorial Algorithms, and Symmetric Functions, Wadsworth & Brooks/Cole Mathematics Series, Wadsworth & Brooks/Cole, Pacific Grove, CA, 1991
  23. D. Wikström, A sender verifiable mix-net and a new proof of a shuffle, Advances in Cryptology - ASIACRYPT 2005, 273–292, Lecture Notes in Computer Science, vol. 3788, Springer, 2005
  24. S. Cho and M. Hong, Proving a shuffle using representations of the symmetric group, Information Security and Cryptology - ICISC 2008 (P. J. Lee and J. H. Cheon, eds.), 354–367, Lecture Notes in Computer Science, vol. 5461, Springer, 2009
  25. Y. Desmedt and K. Kurosawa, How to break a practical MIX and design a new one, Advances in Cryptology - EUROCRYPT 2000, 557–572, 2000
  26. P. Frankl, Intersection theorems and mod p rank of inclusion matrices, J. Combin. Theory Ser. A 54 (1990), no. 1, 85–94
  27. E.-J. Goh, Encryption schemes from bilinear maps, Ph.D. thesis, Department of Computer Science, Stanford University, 2007
  28. P. Golle, S. Zhong, D. Boneh, M. Jakobsson, and A. Juels, Optimistic mixing for exit-polls, Advances in Cryptology - ASIACRYPT 2002, 451–465, Lecture Notes in Computer Science, vol. 2501, Springer, 2002
  29. J. H. van Lint and R. M. Wilson, A Course in Combinatorics, Cambridge University Press, 1992
  30. C. A. Neff, A verifiable secret shuffle and its application to e-voting, ACM Conference on Computer and Communications Security - CCS 2001, 116–125, ACM, 2001
  31. C. Park, K. Itoh, and K. Kurosawa, Efficient anonymous channel and all/nothing election scheme, Advances in Cryptology - EUROCRYPT '93, 248–259, Lecture Notes in Computer Science, vol. 765, Springer, 1994
  32. B. Pfitzmann and A. Pfitzmann, How to break the direct RSA-implementation of mixes, Advances in Cryptology - EUROCRYPT '89, 373–381, 1989
  33. A. Serjantov and G. Danezis, Towards an information theoretic metric for anonymity, in Dingledine and Syverson [9], 41–53
  34. R. M. Wilson, A diagonal form for the incidence matrices of t-subsets vs. k-subsets, European J. Combin. 11 (1990), no. 6, 609–615