Article

A verifiable secret shuffle and its application to e-voting

Author:

C. Andrew NeffAuthors Info & Claims

CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security

Pages 116 - 125

https://doi.org/10.1145/501983.502000

Published: 05 November 2001 Publication History

Abstract

We present a mathematical construct which provides a cryptographic protocol to verifiably shuffle a sequence of k modular integers, and discuss its application to secure, universally verifiable, multi-authority election schemes. The output of the shuffle operation is another sequence of k modular integers, each of which is the same secret power of a corresponding input element, but the order of elements in the output is kept secret. Though it is a trivial matter for the "shuffler" (who chooses the permutation of the elements to be applied) to compute the output from the input, the construction is important because it provides a linear size proof of correctness for the output sequence (i.e. a proof that it is of the form claimed) that can be checked by an arbitrary verifiers. The complexity of the protocol improves on that of Furukawa-Sako[16] both measured by number of exponentiations and by overall size.The protocol is shown to be honest-verifier zeroknowledge in a special case, and is computational zeroknowledge in general. On the way to the final result, we also construct a generalization of the well known Chaum-Pedersen protocol for knowledge of discrete logarithm equality [10], [7]. In fact, the generalization specializes exactly to the Chaum-Pedersen protocol in the case k = 2. This result may be of interest on its own.An application to electronic voting is given that matches the features of the best current protocols with significant efficiency improvements. An alternative application to electronic voting is also given that introduces an entirely new paradigm for achieving Universally Verifiable elections.

References

[1]

M. Abe. Mix-Networks on Permutation Networks - ASIACRYPT 99, Lecture Notes in Computer Science, pp. 258-273, Springer-Verlag, 1999.]]

Digital Library

[2]

M. Abe and F. Hoshino. Remarks on Mix-Network Based on Permutation Networks. Proceedings 4th International Workshop on Practice and Theory in Public Key Cryptography PKC 2001, Lecture Notes in Computer Science, pages 317-324, Springer-Verlag, 2001.]]

Digital Library

[3]

J. Benaloh. Secret Sharing Homomorphisms: Keeping Shares of a Secret Secret. Advances in Cryptology - CRYPTO '86, Lecture Notes in Computer Science, pp. 251-260, Springer-Verlag, Berlin, 1987.]]

Digital Library

[4]

J. Benaloh, M. Yung. Distributing the power of a government to enhance the privacy of voters. ACM Symposium on Principles of Distributed Computing, pp. 52-62, 1986.]]

Digital Library

[5]

R. Cramer, I. Damgrd, B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. Advances in Cryptology - CRYPTO '94, Lecture Notes in Computer Science, pp. 174-187, Springer-Verlag, Berlin, 1994.]]

Digital Library

[6]

R. Cramer, M. Franklin, B. Schoenmakers, M. Yung. Multi-authority secret-ballot elections with linear work. Advances in Cryptology - EUROCRYPT '96, Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1996.]]

[7]

R. Cramer, R. Gennaro, B. Schoenmakers. A secure and optimally efficient multi-authority election scheme. Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science, Springer-Verlag, 1997.]]

[8]

D. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2):84-88, 1981.]]

Digital Library

[9]

D. Chaum. Zero-knowledge undeniable signatures. Advances in Cryptology - EUROCRYPT '90, Lecture Notes in Computer Science, volume 473, pages 458-464, Springer-Verlag, 1991.]]

Digital Library

[10]

D. Chaum and T.P. Pedersen. Wallet databases with observers. Advances in Cryptology - CRYPTO '92, volume 740 of Lecture Notes in Compute Science, pages 89-105, Berlin, 1993. Springer-Verlag.]]

Digital Library

[11]

A. De Santis, G. Di Crescenzo, G. Persiano and M. Yung. On Monotone Formula Closure of SZK. FOCS 94, pp. 454-465.]]

[12]

W. Diffie, M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644-654, 1976.]]

Digital Library

[13]

T. ElGamal. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, IT-31(4):469-472, 1985.]]

Digital Library

[14]

A. Fujioka, T. Okamoto, K. Ohta. A practical secret voting scheme for large scale elections. Advances in Cryptology - AUSCRYPT '92, Lecture Notes in Computer Science, pp. 244-251, Springer-Verlag, 1992.]]

Digital Library

[15]

A. Fiat, A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. Advances in Cryptology - CRYPTO '86, Lecture Notes in Computer Science, pp. 186-194, Springer-Verlag, New York, 1987.]]

Digital Library

[16]

J. Furukawa and K. Sako. An Efficient Scheme for Proving a Shuffle. To appear in CRYPTO 2001.]]

Digital Library

[17]

R. Gennaro. Achieving independence efficiently and securely. Proceedings 14th ACM Symposium on Principles of Distributed Computing (PODC '95), New York, 1995.]]

Digital Library

[18]

A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied Cryptography, CRC Press, 1997.]]

Digital Library

[19]

N. Koblitz, A Course in Number Theory and Cryptography, 2nd edition, Springer, 1994.]]

Digital Library

[20]

A. M. Odlyzko, Discrete logarithms in finite fields and their cryptographic significance, Advances in Cryptology - EUROCRYPT '84, Lecture Notes in Computer Science, Springer-Verlag, 1984.]]

Digital Library

[21]

T. Pedersen. A threshold cryptosystem without a trusted party, Advances in Cryptology - EUROCRYPT '91, Lecture Notes in Computer Science, pp. 522-526, Springer-Verlag, 1991.]]

[22]

C. Park, K. Itoh, K. Kurosawa. Efficient anonymous channel and all/nothing election scheme. Advances in Cryptology - EUROCRYPT '93, Lecture Notes in Computer Science, pp. 248-259, Springer-Verlag, 1993.]]

Digital Library

[23]

C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161-174, 1991.]]

Digital Library

[24]

A. Shamir. How to share a secret. Communications of the ACM, 22(11):612-613, 1979.]]

Digital Library

[25]

K. Sako, J. Kilian. Secure voting using partially compatible homomorphisms, Advances in Cryptology -CRYPTO '94, Lecture Notes in Computer Science, Springer-Verlag, 1994.]]

Digital Library

[26]

K. Sako, J. Kilian. Receipt-free mix-type voting scheme - A practical solution to the implementation of a voting booth, Advances in Cryptology -EUROCRYPT '95, Lecture Notes in Computer Science, Springer-Verlag, 1995.]]

[27]

J. Kilian, K. Sako, Secure electronic voting using partially compatible homomorphisms, awarded 2/27/1996, filed 8/19/1994.]]

[28]

J. Kilian, K. Sako, Secure anonymous message transfer and voting scheme, awarded 10/28/1997, filed 1/23/1995.]]

Cited By

Wikström D(2024)Special Soundness in the Random Oracle ModelIACR Communications in Cryptology10.62056/avivommolOnline publication date: 7-Oct-2024
https://doi.org/10.62056/avivommol
Wikström D(2024)Special Soundness RevisitedIACR Communications in Cryptology10.62056/aep2c3w9pOnline publication date: 7-Oct-2024
https://doi.org/10.62056/aep2c3w9p
Gascón AIshai YKelkar MLi BMa YRaykova MLuo BLiao XXu JKirda ELie D(2024)Computationally Secure Aggregation and Private Information Retrieval in the Shuffle ModelProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670391(4122-4136)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670391
Show More Cited By

Index Terms

A verifiable secret shuffle and its application to e-voting

Recommendations

A Verifiable Secret Shuffle of Homomorphic Encryptions

A shuffle consists of a permutation and re-encryption of a set of input ciphertexts. One application of shuffles is to build mix-nets. We suggest an honest verifier zero-knowledge argument for the correctness of a shuffle of homomorphic encryptions.

Our ...
Verifiable shuffle of large size ciphertexts
PKC'07: Proceedings of the 10th international conference on Practice and theory in public-key cryptography

A shuffle is a permutation and rerandomization of a set of ciphertexts. Among other things, it can be used to construct mix-nets that are used in anonymization protocols and voting schemes. While shuffling is easy, it is hard for an outsider to verify ...
Commuting signatures and verifiable encryption
EUROCRYPT'11: Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology

Verifiable encryption allows one to encrypt a signature while preserving its public verifiability. We introduce a new primitive called commuting signatures and verifiable encryption that extends this in multiple ways, such as enabling encryption of both ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security

November 2001

274 pages

ISBN:1581133855

DOI:10.1145/501983

Conference Chair:
Mike Reiter
Bell Labs, USA
,
Editor:
Pierangela Samarati
University of Milan, Italy

Copyright © 2001 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 November 2001

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS01

Sponsor:

SIGSAC

CCS01: 8th ACM Conference on Computer and Communications Security

November 5 - 8, 2001

PA, Philadelphia, USA

Acceptance Rates

CCS '01 Paper Acceptance Rate 27 of 153 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

324
Total Citations
View Citations
2,435
Total Downloads

Downloads (Last 12 months)81
Downloads (Last 6 weeks)13

Reflects downloads up to 09 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wikström D(2024)Special Soundness in the Random Oracle ModelIACR Communications in Cryptology10.62056/avivommolOnline publication date: 7-Oct-2024
https://doi.org/10.62056/avivommol
Wikström D(2024)Special Soundness RevisitedIACR Communications in Cryptology10.62056/aep2c3w9pOnline publication date: 7-Oct-2024
https://doi.org/10.62056/aep2c3w9p
Gascón AIshai YKelkar MLi BMa YRaykova MLuo BLiao XXu JKirda ELie D(2024)Computationally Secure Aggregation and Private Information Retrieval in the Shuffle ModelProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670391(4122-4136)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670391
Laufer EOzdemir ABoneh DLuo BLiao XXu JKirda ELie D(2024)zkPi: Proving Lean Theorems in Zero-KnowledgeProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670322(4301-4315)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670322
Anderson EChase MDurak FLaine KWeng CLuo BLiao XXu JKirda ELie D(2024)Precio: Private Aggregate Measurement via Oblivious ShufflingProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670280(1819-1833)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670280
Laufer ELevis PRajagopal R(2024)Privacy-Preserving Control of Partitioned Energy ResourcesProceedings of the 15th ACM International Conference on Future and Sustainable Energy Systems10.1145/3632775.3661988(610-624)Online publication date: 4-Jun-2024
https://dl.acm.org/doi/10.1145/3632775.3661988
Liu GLi HWang NXiang TLiu Y(2024)DeGKM: Decentralized Group Key Management for Content Push in Integrated NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3359240(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3359240
Liu GYan ZWang DWang HLi T(2024)DePTVM: Decentralized Pseudonym and Trust Value Management for Integrated NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.324679921:1(110-124)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3246799
Rathee MZhang YCorrigan-Gibbs HAda Popa R(2024)Private Analytics via Streaming, Sketching, and Silently Verifiable Proofs2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00245(3072-3090)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00245
Naikoo FAhmad KAhmad K(2024)Analyzing processing time and load factor: 5-node mix network with ElGamal encryption and XOR shufflingInternational Journal of Information Technology10.1007/s41870-024-02055-x16:7(4589-4597)Online publication date: 13-Jul-2024
https://doi.org/10.1007/s41870-024-02055-x
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents