While NIZK arguments in the CRS model are widely studied, the question of what happens
when the CRS is subverted has received little attention. In ASIACRYPT 2016, Bellare …

The Scytl/SwissPost e-voting solution was intended to provide complete verifiability for
Swiss government elections. We show failures in both individual verifiability and universal …

We show how to perform a full-threshold n-party actively secure MPC protocol over a
subgroup of order p of an elliptic curve group E (K). This is done by utilizing a full-threshold n …

We propose a general framework for non-universal SNARKs. It contains (1) knowledge-
sound and non-black-box any-simulation-extractable (ASE),(2) zero-knowledge and …

Since David Chaum introduced the idea of mix nets 40 years ago, they have become widely
used building blocks for privacy-preserving protocols. Several important applications, such …

The most efficient SNARKs (eg, Groth, 2016) have a brittle and difficult-to-verify knowledge-
soundness proof in the generic model, which makes it nontrivial to modify such SNARKs to …

Verifiable mix nets, and specifically proofs of (correct) shuffle, are a fundamental building
block in numerous applications: these zero-knowledge proofs allow the prover to produce a …

We construct the most efficient known pairing-based NIZK shuffle argument. It consists of
three subarguments that were carefully chosen to obtain optimal efficiency of the shuffle …

Mix nets are often used to provide privacy in modern security protocols, through shuffling.
Some of the most important applications, such as secure electronic voting, require mix nets …

A verifiable shuffle of known values is a method for proving that a collection of commitments
opens to a given collection of known messages, without revealing a correspondence …