
I have a problem where I have a table of various reencryptable/rerandomizable ciphertexts (Paillier, ElGamal, EC Additive ElGamal). Each row on a given table has the same structure, but each column potentially has its own cryptosystem. This shuffle gets executed several times on different tables with different numbers of columns.

  • I want a group of parties to execute a verified shuffle of this table.

As far as I can tell, the shuffle proofs I see rely on there being something in common between the columns of the ciphertexts. I currently have a brute force proof that proves that each original row appears in the shuffled table, but this proof is too expensive ($O(n^2 \cdot k)$, where $n$ is the rows and $k$ is the columns).

  1. Is there an efficient mechanism to prove a shuffle of arbitrary tables?
  2. Also, is there a way the shufflers can work together to make one proof rather than a step-by-step proof?
Zarquan