An Analysis of Parallel Mixing with Attacker-Controlled Inputs
Parallel mixing  is a technique for optimizing the latency of a synchronous re-encryption mix network. We analyze the anonymity of this technique when an adversary can learn the output positions of some of the inputs to the mix network. Using probabilistic modeling, we show that parallel mixing falls short of achieving optimal anonymity in this case. In particular, when the number of unknown inputs is small, there are significant anonymity losses in the expected case. This remains true even if all the mixes in the network are honest, and becomes worse as the number of mixes increases. We also consider repeatedly applying parallel mixing to the same set of inputs. We show that an attacker who knows some input–output relationships will learn new information with each mixing and can eventually link previously unknown inputs and outputs.
KeywordsConditional Entropy Unknown Input Output Relationship Probabilistic Simulation Distribution Step
Unable to display preview. Download preview PDF.
- 1.Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2) (February 1981)Google Scholar
- 7.Golle, P., Juels, A.: Parallel mixing. In: ACM Conference on Communications and Computer Security (October 2004)Google Scholar
- 8.Golle, P., Boneh, D.: Almost entirely correct mixing with applications to voting. In: ACM Conference on Communications and Computer Security, pp. 68–77 (2002)Google Scholar
- 9.Jakobsson, M., Juels, A., Rivest, R.: Making mix nets robust for electronic voting by randomized partial checking. In: USENIX Security Symposium, pp. 339–353 (2002)Google Scholar
- 10.Andrew Neff, C.: A verifiable secret shuffle and its applications to e-voting. In: ACM Conference on Communications and Computer Security, pp. 116–125 (2001)Google Scholar
- 12.Wright, M., Adler, M., Levine, B.N., Shields, C.: An analysis of the degradation of anonymous protocols. In: Proceedings of the Network and Distributed Security Symposium (NDSS). IEEE, Los Alamitos (2002)Google Scholar