Simple and efficient shuffling with provable correctness and ZK privacy
Advances in Cryptology–CRYPTO 2005: 25th Annual International Cryptology …, 2005•Springer
A simple and efficient shuffling scheme containing two protocols is proposed. Firstly, a
prototype, Protocol-1 is designed, which is based on the assumption that the shuffling party
cannot find a linear relation of the shuffled messages in polynomial time. As application of
Protocol-1 is limited, it is then optimised to Protocol-2, which does not need the assumption.
Both protocols are simpler and more efficient than any other shuffling scheme with unlimited
permutation. Moreover, they achieve provable correctness and ZK privacy.
prototype, Protocol-1 is designed, which is based on the assumption that the shuffling party
cannot find a linear relation of the shuffled messages in polynomial time. As application of
Protocol-1 is limited, it is then optimised to Protocol-2, which does not need the assumption.
Both protocols are simpler and more efficient than any other shuffling scheme with unlimited
permutation. Moreover, they achieve provable correctness and ZK privacy.
Abstract
A simple and efficient shuffling scheme containing two protocols is proposed. Firstly, a prototype, Protocol-1 is designed, which is based on the assumption that the shuffling party cannot find a linear relation of the shuffled messages in polynomial time. As application of Protocol-1 is limited, it is then optimised to Protocol-2, which does not need the assumption. Both protocols are simpler and more efficient than any other shuffling scheme with unlimited permutation. Moreover, they achieve provable correctness and ZK privacy.
Springer