Published: 2009.07.31


We use an idea from linear representations of the symmetric group to reduce the number of communication rounds in the verification protocol for a shuffle proposed by Peng et al. at Crypto 2005. We assume the Paillier encryption scheme, under which known zero-knowledge proofs can be applied along the same lines as Peng et al. Incidence matrices of 1-subsets and 2-subsets of a finite set are used intensively in the implementation, and the idea of $\lambda$-designs is employed to improve the computational complexity.
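The abstract relies on two ingredients a reader may want to see concretely: Paillier's additive homomorphism, which is what lets a verifier compare a product of ciphertexts against a sum of plaintexts, and incidence matrices of 1-subsets and 2-subsets, whose rows select which ciphertexts are multiplied together. The following Python is an added illustration, not code from the paper or from Peng et al.; it constructs a small Paillier key from two constructed primes, performs a re-encryption shuffle, and runs a consistency check in which the key holder verifies that every subset product of inputs decrypts to the same value as the corresponding subset product of outputs. This is the plain algebra such a proof exploits, carried out by a party holding the secret key; it is not a zero-knowledge protocol and omits the rounds, commitments and designs the paper is about. The primes, messages and permutation are constructed sample values.

```python
# Added illustration (not code from the paper): Paillier's additive homomorphism
# and a subset-sum consistency check over a re-encryption shuffle.
import secrets
from itertools import combinations
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier key pair from two primes (the demo uses small constructed primes)."""
    n = p * q
    assert gcd(n, (p - 1) * (q - 1)) == 1
    lam = lcm(p - 1, q - 1)
    g = n + 1                      # the standard simple choice of generator
    n2 = n * n
    L = lambda u: (u - 1) // n     # Paillier's L function
    mu = pow(L(pow(g, lam, n2)), -1, n)
    return (n, g), (lam, mu)


def _random_unit(n):
    """Uniform r in Z_n^* (rejection sampling on gcd)."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            return r


def encrypt(pk, m):
    n, g = pk
    n2 = n * n
    return pow(g, m, n2) * pow(_random_unit(n), n, n2) % n2


def reencrypt(pk, c):
    """Multiply by an encryption of zero: same plaintext, fresh randomness."""
    n, _ = pk
    n2 = n * n
    return c * pow(_random_unit(n), n, n2) % n2


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def shuffle(pk, cts, perm):
    """Output position j holds a re-encryption of input position perm[j]."""
    return [reencrypt(pk, cts[perm[j]]) for j in range(len(cts))]


def incidence_rows(k, t):
    """Rows of the t-subset incidence matrix of {0,...,k-1}, as index sets."""
    return [set(s) for s in combinations(range(k), t)]


def subset_sum(pk, sk, cts, S):
    """Decrypt the product of the ciphertexts indexed by S (homomorphic sum)."""
    n, _ = pk
    n2 = n * n
    prod = 1
    for i in S:
        prod = prod * cts[i] % n2
    return decrypt(pk, sk, prod)


def check_shuffle(pk, sk, inputs, outputs, perm, t):
    """Key-holder check: every t-subset of inputs sums to the same value as the
    image of that subset under the claimed permutation. Returns True if all rows agree."""
    inv = {perm[j]: j for j in range(len(perm))}   # input index -> output index
    for S in incidence_rows(len(inputs), t):
        T = {inv[i] for i in S}
        if subset_sum(pk, sk, inputs, S) != subset_sum(pk, sk, outputs, T):
            return False
    return True


def demo():
    """Honest shuffle passes the 1-subset and 2-subset checks; a tampered output fails."""
    pk, sk = keygen(61, 53)                      # constructed toy primes, n = 3233
    messages = [7, 11, 13, 17]                   # constructed sample plaintexts
    perm = [2, 0, 3, 1]                          # constructed sample permutation
    inputs = [encrypt(pk, m) for m in messages]
    outputs = shuffle(pk, inputs, perm)
    honest = check_shuffle(pk, sk, inputs, outputs, perm, 1) and \
             check_shuffle(pk, sk, inputs, outputs, perm, 2)
    tampered = list(outputs)
    tampered[0] = encrypt(pk, messages[perm[0]] + 1)   # one output silently altered
    bad = check_shuffle(pk, sk, inputs, tampered, perm, 2)
    return honest, bad


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The 1-subset rows reduce to checking each ciphertext individually, while the 2-subset rows are where the rank properties of inclusion matrices (Frankl, Wilson) start to matter: the verifier learns only sums over pairs, yet the row space still constrains the permutation. Replacing the key holder with a zero-knowledge argument over these products is the step this paper and Peng et al. address.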


  1. M. Abe, Mix-networks on permutation networks, Advances in cryptology-ASIACRYPT '99 (Singapore), 258–273, Lecture Notes in Comput. Sci., 1716, Springer, Berlin, 1999
  2. P. J. Cameron and J. H. van Lint, Designs, Graphs, Codes and Their Links, London Mathematical Society Student Texts, 22. Cambridge University Press, Cambridge, 1991
  3. D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Commun. ACM 24 (1981), no. 2, 84–88
  4. S. Cho and M. Hong, Proving a shuffle using representations of the symmetric group, ICISC 2008 (P. J. Lee and J. H. Cheon, eds.), 354–367, Lecture Notes in Computer Science, vol. 5461, Springer, 2009
  5. G. Danezis, Mix-networks with restricted routes, Privacy Enhancing Technologies (Roger Dingledine, ed.), 1–17, Lecture Notes in Computer Science, vol. 2760, Springer, 2003
  6. G. Danezis, R. Dingledine, and N. Mathewson, Mixminion: Design of a type III anonymous remailer protocol, IEEE Symposium on Security and Privacy, 2–15, IEEE Computer Society, 2003
  7. Y. Desmedt and K. Kurosawa, How to break a practical mix and design a new one, EUROCRYPT, 557–572, 2000
  8. C. Diaz, S. Seys, J. Claessens, and B. Preneel, Towards measuring anonymity, in Dingledine and Syverson [11], pp. 54–68
  9. R. Dingledine, M. J. Freedman, D. Hopwood, and D. Molnar, A reputation system to increase mix-net reliability, Information Hiding (Ira S. Moskowitz, ed.), 126–141, Lecture Notes in Computer Science, vol. 2137, Springer, 2001
  10. R. Dingledine, N. Mathewson, and P. F. Syverson, Tor: The second-generation onion router, USENIX Security Symposium, 303–320, USENIX, 2004
  11. R. Dingledine and P. F. Syverson (eds.), Privacy Enhancing Technologies, Second International Workshop, PET 2002, San Francisco, CA, USA, April 14–15, 2002, Revised Papers, Lecture Notes in Computer Science, vol. 2482, Springer, 2003
  12. P. Frankl, Intersection theorems and mod p rank of inclusion matrices, J. Combin. Theory Ser. A 54 (1990), no. 1, 85–94
  13. W. Fulton and J. Harris, Representation Theory, A First Course, Graduate Texts in Mathematics 129, Springer, 1991
  14. J. Furukawa and K. Sako, An efficient scheme for proving a shuffle, Advances in cryptology-CRYPTO 2001 (Santa Barbara, CA), 368–387, Lecture Notes in Comput. Sci., 2139, Springer, Berlin, 2001
  15. E.-J. Goh, Encryption schemes from bilinear maps, Ph.D. thesis, Department of Computer Science, Stanford University, Sep. 2007
  16. P. Golle, M. Jakobsson, A. Juels, and P. F. Syverson, Universal re-encryption for mixnets, Topics in cryptology-CT-RSA 2004, 163–178, Lecture Notes in Comput. Sci., 2964, Springer, Berlin, 2004
  17. P. Golle, S. Zhong, D. Boneh, M. Jakobsson, and A. Juels, Optimistic mixing for exit-polls, Advances in cryptology-ASIACRYPT 2002, 451–465, Lecture Notes in Comput. Sci., 2501, Springer, Berlin, 2002
  18. J. Groth, A verifiable secret shuffle of homomorphic encryptions, Public key cryptography-PKC 2003, 145–160, Lecture Notes in Comput. Sci., 2567, Springer, Berlin, 2002
  19. J. Groth and S. Lu, Verifiable shuffle of large size ciphertexts, Public key cryptography-PKC 2007, 377–392, Lecture Notes in Comput. Sci., 4450, Springer, Berlin, 2007
  20. J. H. van Lint and R. M. Wilson, A Course in Combinatorics, Cambridge University Press, Cambridge, 1992
  21. M. Mitomo and K. Kurosawa, Attack for flash MIX, Advances in cryptology-ASIACRYPT 2000 (Kyoto), 192–204, Lecture Notes in Comput. Sci., 1976, Springer, Berlin, 2000
  22. C. A. Neff, A verifiable secret shuffle and its application to e-voting, ACM Conference on Computer and Communications Security, 116–125, 2001
  23. L. Nguyen, R. Safavi-Naini, and K. Kurosawa, Verifiable shuffles: A formal model and a Paillier-based efficient construction with provable security, ACNS (Markus Jakobsson, Moti Yung, and Jianying Zhou, eds.), 61–75, Lecture Notes in Computer Science, vol. 3089, Springer, 2004
  24. W. Ogata, K. Kurosawa, K. Sako, and K. Takatani, Fault tolerant anonymous channel, Proc. ICICS '97, 440–444, Lecture Notes in Comput. Sci., 1334, Springer-Verlag, 1997
  25. P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, Advances in cryptology-EUROCRYPT '99 (Prague), 223–238, Lecture Notes in Comput. Sci., 1592, Springer, Berlin, 1999
  26. C. Park, K. Itoh, and K. Kurosawa, Efficient anonymous channel and all/nothing election scheme, Advances in cryptology-EUROCRYPT '93 (Lofthus, 1993), 248–259, Lecture Notes in Comput. Sci., 765, Springer, Berlin, 1994
  27. K. Peng, C. Boyd, and E. Dawson, Simple and efficient shuffling with provable correctness and ZK privacy, Advances in cryptology-CRYPTO 2005, 188–204, Lecture Notes in Comput. Sci., 3621, Springer, Berlin, 2005
  28. K. Peng, C. Boyd, E. Dawson, and K. Viswanathan, A correct, private, and efficient mix network, Public key cryptography-PKC 2004, 439–454, Lecture Notes in Comput. Sci., 2947, Springer, Berlin, 2004
  29. B. Pfitzmann and A. Pfitzmann, How to break the direct RSA-implementation of mixes, EUROCRYPT, 373–381, 1989
  30. B. Pfitzmann, M. Schunter, and M. Waidner, How to break another provably secure payment system, EUROCRYPT, 121–132, 1995
  31. B. E. Sagan, The symmetric group. Representations, combinatorial algorithms, and symmetric functions, The Wadsworth & Brooks/Cole Mathematics Series. Wadsworth & Brooks/Cole Advanced Books & Software, Pacific Grove, CA, 1991
  32. A. Serjantov and G. Danezis, Towards an information theoretic metric for anonymity, in Dingledine and Syverson [11], pp. 41–53
  33. D. Wikstrom, A sender verifiable mix-net and a new proof of a shuffle, Advances in cryptology-ASIACRYPT 2005, 273–292, Lecture Notes in Comput. Sci., 3788, Springer, Berlin, 2005
  34. R. M. Wilson, A diagonal form for the incidence matrices of t-subsets vs. k-subsets, European J. Combin. 11 (1990), no. 6, 609–615