A Shuffle Argument Secure in the Generic Model.

We propose a new random oracle-less NIZK shuffle argument. It has a simple structure, where the first verification equation ascertains that the prover has committed to a permutation matrix, the second verification equation ascertains that the same permutation was used to permute the ciphertexts, and the third verification equation ascertains that input ciphertexts were \"correctly\" formed. The new argument has 3.5 times more efficient verification than the up-to-now most efficient shuffle argument by Fauzi and Lipmaa CT-RSA 2016. Compared to the Fauzi-Lipmaa shuffle argument, we i remove the use of knowledge assumptions and prove our scheme is sound in the generic bilinear group model, and ii prove standard soundness, instead of culpable soundness.