A Verifiable Shuffle for the GSW Cryptosystem

  • Martin Strand
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10958)


We provide the first verifiable shuffle specifically for fully homomorphic schemes. A verifiable shuffle is a way to ensure that if a node receives and sends encrypted lists, the content will be the same, even though no adversary can trace individual list items through the node. Shuffles are useful in e-voting, traffic routing and other applications.

We build our shuffle on the ideas and techniques of Groth’s 2010 shuffle, but make necessary modifications for a less ideal setting where the randomness and ciphertexts admit no group structure.

The protocol relies heavily on the properties of the so-called gadget matrices, so we have included a detailed introduction to these.
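The abstract mentions two things a reader may want to see concretely: that the GSW randomness and ciphertexts admit no group structure, and that the protocol leans on gadget matrices. The following is an added example, not code from the paper, that builds the standard GSW gadget matrix G = I_n ⊗ (1, 2, 4, ..., 2^(l-1)) over Z_q with l = ceil(log2 q), its bit-decomposition inverse G^{-1}, checks the identity G · G^{-1}(v) = v (mod q), and shows that G^{-1} is not additive (one reason the ciphertexts do not form a group under the operations a shuffle needs). All dimensions and sample vectors below are constructed for illustration.

```python
# Gadget matrix G and bit-decomposition G^{-1} as used in GSW-style schemes.
# Pure Python, no dependencies; q, n and the sample vectors are constructed.

def decomposition_length(q):
    """l = ceil(log2 q): number of bits needed to write any element of Z_q."""
    return max(1, (q - 1).bit_length())

def gadget_vector(q):
    """g = (1, 2, 4, ..., 2^(l-1)) over Z_q."""
    return [1 << i for i in range(decomposition_length(q))]

def gadget_matrix(n, q):
    """G = I_n ⊗ g^T, an n x (n*l) matrix; row i holds g in block i."""
    g = gadget_vector(q)
    l = len(g)
    G = [[0] * (n * l) for _ in range(n)]
    for i in range(n):
        for j in range(l):
            G[i][i * l + j] = g[j]
    return G

def bit_decompose(v, q):
    """G^{-1}(v): write each entry of v (reduced mod q) in binary, least
    significant bit first, giving a short vector in {0,1}^(n*l)."""
    l = decomposition_length(q)
    out = []
    for x in v:
        x %= q
        out.extend((x >> j) & 1 for j in range(l))
    return out

def mat_vec_mod(M, v, q):
    """Matrix-vector product over Z_q."""
    return [sum(M[i][j] * v[j] for j in range(len(v))) % q for i in range(len(M))]

def check_gadget_identity(v, q):
    """True iff G * G^{-1}(v) == v (mod q): G undoes the decomposition."""
    G = gadget_matrix(len(v), q)
    return mat_vec_mod(G, bit_decompose(v, q), q) == [x % q for x in v]

def max_entry(v):
    """Infinity norm; G^{-1} outputs have norm <= 1, which is why multiplying
    a noise term by G^{-1}(.) keeps the noise growth small in GSW."""
    return max(abs(x) for x in v)

def decomposition_is_nonadditive(a, b, q):
    """True iff G^{-1}(a + b) != G^{-1}(a) + G^{-1}(b): the decomposition is
    not a homomorphism, so decomposed values carry no group structure."""
    lhs = bit_decompose([(x + y) % q for x, y in zip(a, b)], q)
    rhs = [x + y for x, y in zip(bit_decompose(a, q), bit_decompose(b, q))]
    return lhs != rhs

if __name__ == "__main__":
    q, v = 16, [5, 13, 0, 15]                    # constructed sample values
    print("G^{-1}(v) =", bit_decompose(v, q))
    print("G * G^{-1}(v) == v:", check_gadget_identity(v, q))
    print("nonadditive on (1),(1):", decomposition_is_nonadditive([1], [1], q))
```

Carry propagation is what breaks additivity: G^{-1}(1) + G^{-1}(1) = (2, 0, 0, 0) is not a bit vector, whereas G^{-1}(2) = (0, 1, 0, 0); for operands whose bits do not overlap, such as 1 and 2, the two sides happen to agree.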


Keywords: Verifiable shuffle, Fully homomorphic encryption, Post-quantum



The author wishes to thank Jens Groth for his useful comments on an early version of this manuscript, as well as the anonymous reviewers.



Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  1. Norwegian University of Science and Technology, Trondheim, Norway
