An Analysis of Parallel Mixing with Attacker-Controlled Inputs

  • Nikita Borisov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3856)


Parallel mixing [7] is a technique for optimizing the latency of a synchronous re-encryption mix network. We analyze the anonymity of this technique when an adversary can learn the output positions of some of the inputs to the mix network. Using probabilistic modeling, we show that parallel mixing falls short of achieving optimal anonymity in this case. In particular, when the number of unknown inputs is small, there are significant anonymity losses in the expected case. This remains true even if all the mixes in the network are honest, and becomes worse as the number of mixes increases. We also consider repeatedly applying parallel mixing to the same set of inputs. We show that an attacker who knows some input–output relationships will learn new information with each mixing and can eventually link previously unknown inputs and outputs.


Conditional Entropy Unknown Input Output Relationship Probabilistic Simulation Distribution Step 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2) (February 1981)Google Scholar
  2. 2.
    Danezis, G.: Mix-networks with restricted routes. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 1–17. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Díaz, C., Sassaman, L., Dewitte, E.: Comparison between two practical mix designs. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 141–159. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Dingledine, R., Shmatikov, V., Syverson, P.F.: Synchronous batching: From cascades to free routes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 186–206. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Furukawa, J., Sako, K.: An efficient scheme for proving a shuffle. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 368–387. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Golle, P., Juels, A.: Parallel mixing. In: ACM Conference on Communications and Computer Security (October 2004)Google Scholar
  8. 8.
    Golle, P., Boneh, D.: Almost entirely correct mixing with applications to voting. In: ACM Conference on Communications and Computer Security, pp. 68–77 (2002)Google Scholar
  9. 9.
    Jakobsson, M., Juels, A., Rivest, R.: Making mix nets robust for electronic voting by randomized partial checking. In: USENIX Security Symposium, pp. 339–353 (2002)Google Scholar
  10. 10.
    Andrew Neff, C.: A verifiable secret shuffle and its applications to e-voting. In: ACM Conference on Communications and Computer Security, pp. 116–125 (2001)Google Scholar
  11. 11.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Wright, M., Adler, M., Levine, B.N., Shields, C.: An analysis of the degradation of anonymous protocols. In: Proceedings of the Network and Distributed Security Symposium (NDSS). IEEE, Los Alamitos (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nikita Borisov
    • 1
  1. 1.UC BerkeleyUSA

Personalised recommendations