Rate-1 Key-Dependent Message Security via Reusable Homomorphic Extractor against Correlated-Source Attacks.

A verifiable shuffle of known values is a method for proving that a collection of commitments opens to a given collection of known messages, without revealing a correspondence between commitments and messages. We propose the first practical verifiable shuffle of known values for lattice-based commitments.