Efficient Shuffle Arguments Research Seminar Project

Anonymous communication is useful in variety of online applications. Evoting, online chat software and data collection for surveying are some of the applications where anonymity is an important feature. One way to guarantee anonymous network communication is using a mix network (mix-net) protocol. A mix network is a protocol that contains several mix servers. A mix server collects user’s ciphertexts, cryptographically transforms and permutes them and then sends the ciphertexts to the destination or to another mix server. Shuffling guarantees that an adversary eavesdropping on the network cannot connect source of the ciphertext to the destination as long as at least one of the mix servers is honest. It is highly important that a mix server does the permutation correctly. For example in e-voting it would disastrous if a malicious mix server could change votes at will. At the same time revealing the permutation would defeat the purpose of a mix network. Solution is that the mix server must produce a zero-knowledge proof that the permutation was done correctly. Mix server must prove that the output ciphertexts are rerandomized and permuted input ciphertexts without revealing anything about the permutation. This report gives an overview of two efficient zero-knowledge arguments for shuffles. Section 1 gives a summary of mix-nets. Section 2 covers preliminaries needed for zero-knowledge arguments. In section 3 we look at interactive argument for shuffles introduced by Neff in article [1]. In section 4 we study a shuffle protocol by Groth from [3].