An Asiacrypt paper on Zero-Knowledge Shuffles

Following the last post, Panoramix members from the University of Tartu have also had a paper accepted at Asiacrypt 2016. The paper is called “A Shuffle Argument Secure in the Generic Model”, authored by Prastudy Fauzi, Helger Lipmaa and Michał Zając, all from Tartu; eprint available at

A verifiable mix-net involves not only the shuffling itself but also a non-interactive zero-knowledge (NIZK) argument from each mix server that its shuffle was performed correctly. Shuffle arguments have been studied extensively in the prior literature; however, most of the previous work proposes NIZK shuffle arguments in the random oracle model. Much less is known about how to construct efficient NIZK shuffle arguments in the common reference string (CRS) model, without random oracles.

Within the Panoramix project, we have constructed two different efficient NIZK shuffle arguments in the CRS model. The first paper was published earlier at CT-RSA 2016 (“Efficient Culpably Sound NIZK Shuffle Argument without Random Oracles”, Prastudy Fauzi and Helger Lipmaa; available at The CT-RSA 2016 paper was the most efficient CRS-model shuffle argument at that point. The Asiacrypt 2016 paper offers even better efficiency.