Date: 12 May 2000
How to Break a Practical MIX and Design a New One
Yvo Desmedt, Kaoru Kurosawa
Abstract
A MIX net takes a list of ciphertexts (c_{1}, ..., c_{N}) and outputs a permuted list of the plaintexts (m_{1}, ..., m_{N}) without revealing the relationship between (c_{1}, ..., c_{N}) and (m_{1}, ..., m_{N}). This paper first shows that Jakobsson's MIX net of Eurocrypt '98, which was believed to be resilient and very efficient, is broken. We next propose an efficient t-resilient MIX net with O(t^{2}) servers in which the cost of each MIX server is O(N). Two new concepts are introduced, existential-honesty and limited-open-verification. They will be useful for distributed computation in general.
A part of this research was done while the author visited the Tokyo Institute of Technology, March 4–19, 1999. He was then at the University of Wisconsin-Milwaukee.
A part of his research was funded by NSF CCR-9508528.
References
M. Abe, "Universally verifiable mix-net with verification work independent of the number of mix-centers," Eurocrypt '98, pp. 437–447.
M. Abe, "A mix-network on permutation networks," ISEC Technical Report 99-10 (in Japanese), May 1999.
M. Abe, "Mix-networks on permutation networks," Asiacrypt '99, pp. 258–273.
M. Bellare, A. Desai, D. Pointcheval, P. Rogaway, "Relations among notions of security for public-key encryption schemes," Crypto '98, pp. 26–45.
M. Bellare, P. Rogaway, "Optimal asymmetric encryption: how to encrypt with RSA," Eurocrypt '94, pp. 92–111.
D. Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms," Communications of the ACM 24 (1981), pp. 84–88.
D. Chaum, H. Van Antwerpen, "Undeniable signatures," Crypto '89, pp. 212–216.
Y. Desmedt, Y. Frankel, "Threshold cryptosystems," Crypto '89, pp. 307–315.
D. Dolev, C. Dwork, M. Naor, "Non-malleable cryptography," STOC '91, pp. 542–552.
T. ElGamal, "A public-key cryptosystem and a signature scheme based on discrete logarithms," Crypto '84, pp. 10–18.
A. Fujioka, T. Okamoto, K. Ohta, "A practical secret voting scheme for large scale elections," Auscrypt '92, pp. 244–251.
R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, "Robust and efficient sharing of RSA functions," Crypto '96, pp. 157–172.
M. Jakobsson, "A practical MIX," Eurocrypt '98, pp. 448–461.
M. Jakobsson, D. M'Raihi, "Mix-based electronic payments," SAC '98, pp. 157–173.
M. Jakobsson, "Flash mixing," PODC '99, pp. 83–89.
M. Jakobsson, A. Juels, "Millimix: Mixing in small batches," DIMACS Technical Report 99-33, June 1999.
W. H. Mills, "Covering design I: coverings by a small number of subsets," Ars Combinatoria 8 (1979), pp. 199–315.
W. Ogata, K. Kurosawa, K. Sako, K. Takatani, "Fault tolerant anonymous channel," ICICS '97, pp. 440–444.
C. Park, K. Itoh, K. Kurosawa, "All/nothing election scheme and anonymous channel," Eurocrypt '93, pp. 248–259.
T. P. Pedersen, "A threshold cryptosystem without a trusted party," Eurocrypt '91, pp. 522–526.
B. Pfitzmann, A. Pfitzmann, "How to break the direct RSA-implementation of MIXes," Eurocrypt '89, pp. 373–381.
D. Pointcheval, J. Stern, "Security proofs for signature schemes," Eurocrypt '96, pp. 387–398.
R. Rees, D. R. Stinson, R. Wei, G. H. J. Rees, "An application of covering designs: Determining the maximum consistent set of shares in a threshold scheme," Ars Combinatoria 53 (1999), pp. 225–237.
K. Sako, J. Kilian, "Receipt-free mix-type voting scheme," Eurocrypt '95, pp. 393–403.
C. P. Schnorr, "Efficient signature generation for smart cards," Crypto '89, pp. 239–252.
C. P. Schnorr, M. Jakobsson, "Security of discrete log cryptosystems in the random oracle + generic model," http://www.bell-labs.com/user/markusj/
A. Shamir, "How to share a secret," Communications of the ACM 22 (1979), pp. 612–613.
Y. Tsiounis, M. Yung, "On the security of ElGamal based encryption," PKC '98, pp. 117–134.
C. J. Colbourn, J. H. Dinitz (eds.), Handbook of Combinatorial Designs, CRC Press, 1996.
Title
How to Break a Practical MIX and Design a New One
Book Title
Advances in Cryptology — EUROCRYPT 2000
Book Subtitle
International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14–18, 2000, Proceedings
Pages
pp. 557–572
Copyright
2000
DOI
10.1007/3-540-45539-6_39
Print ISBN
978-3-540-67517-4
Online ISBN
978-3-540-45539-4
Series Title
Lecture Notes in Computer Science
Series Volume
1807
Series ISSN
0302-9743
Publisher
Springer Berlin Heidelberg
Copyright Holder
Springer-Verlag Berlin Heidelberg
Editors
Bart Preneel (4)
Editor Affiliations
4. Department of Electrical Engineering - ESAT / COSIC, Katholieke Universiteit Leuven
Authors
Yvo Desmedt (5) (6)
Kaoru Kurosawa (7)
Author Affiliations
5. Department of Computer Science, Florida State University, PO Box 4530, 206 Love Building, Tallahassee, FL 32306-4530, USA
6. Dept. of Mathematics, Royal Holloway, University of London, UK
7. Dept. of Electrical and Electronic Engineering, Faculty of Engineering, Tokyo Institute of Technology, 2-12-1 Ookayama, Meguro-ku, Tokyo 152-8552, Japan