# How to Break a Practical MIX and Design a New One

Conference paper

First Online:

## Abstract

A MIX net takes a list of ciphertexts (*c* _{1}, ..., *c* _{N}) and outputs a permuted list of the plaintexts (*m* _{1}, ..., *m* _{N}) without revealing the relationship between (*c* _{1},..., *c* _{N}) and (*m* _{1}, ...,*m* _{N}). This paper first shows that the Jakobsson’s MIX net of Eurocrypt’98, which was believed to be resilient and very efficient, is broken. We next propose an efficient *t*-resilient MIX net with *O*(*t* ^{2}) servers in which the cost of each MIX server is *O*(*N*). Two new concepts are introduced, existential-honesty and limited-open-verification. They will be useful for distributed computation in general.

## Keywords

Encryption Scheme Signature Scheme Random Permutation Random Oracle Secret Sharing Scheme
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Download
to read the full conference paper text

## References

- 1.M. Abe, “Universally verifiable mix-net with verification work independent of the number of mix-centers,” Eurocrypt’ 98, pp. 437–447.Google Scholar
- 2.M. Abe, “A mix-network on permutation networks,” ISEC Technical report 99-10 (in Japanese) (May, 1999)Google Scholar
- 3.M. Abe, “Mix-networks on permutation networks,” Asiacrypt’ 99, pp. 258–273.Google Scholar
- 4.M. Bellare, A. Desai, D. Poincheval, P. Rogaway, “Relations among notions of security for public key encryption schemes,” Crypto’ 98, pp. 26–45.Google Scholar
- 5.M. Bellare, P. Rogaway, “Optimal asymmetric encryption-How to encrypt with RSA,” Eurocrypt’ 94, pp. 92–111.Google Scholar
- 6.D. Chaum, “Untraceable electronic mail, return addresses, and digital pseudonyms,” Communications of the ACM, Vol. 24, 1981, pp. 84–88.CrossRefGoogle Scholar
- 7.D. Chaum, H. Van Antwerpen, “Undeniable signatures,” Crypto’ 89, pp. 212–216.Google Scholar
- 8.Y. Desmedt, Y. Frankel, “Threshold cryptosystems,” Crypto’ 89, pp. 307–315.Google Scholar
- 9.D. Dolev, C. Dwork, M. Naor, “Non-malleable cryptography,” STOC’ 91, pp. 542–552.Google Scholar
- 10.T. ElGamal, “A public-key cryptosystem and a signature scheme based on discrete logarithms,” Crypto’ 84, pp. 10–18.Google Scholar
- 11.A. Fujioka, T. Okamoto, K. Ohta, “A practical secret voting scheme for large scale elections,” Auscrypt’ 92, pp. 244–251.Google Scholar
- 12.R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, “Robust and efficient sharing of RSA functions,” Crypto’ 96, pp. 157–172.Google Scholar
- 13.M. Jakobsson, “A practical MIX,” Eurocrypt’ 98, pp. 448–461.Google Scholar
- 14.M. Jakobsson, D. M’Raihi, “Mix-based electronic payments,” SAC’98, pp. 157–173.Google Scholar
- 15.M. Jakobsson, “Flash mixing,” PODC’99, pp. 83–89.Google Scholar
- 16.M. Jakobsson, A. Juels “Millimix: Mixing in small batches,” DIMACS Technical report 99-33 (June 1999)Google Scholar
- 17.W. H. Mills, “Covering design I: coverings by a small number of subsets,” Ars Combin. 8, (1979), pp. 199–315.zbMATHMathSciNetGoogle Scholar
- 18.W. Ogata, K. Kurosawa, K. Sako, K. Takatani, “Fault tolerant anonymous channel,” ICICS’ 97, pp. 440–444.Google Scholar
- 19.C. Park, K. Itoh, K. Kurosawa, “All/nothing election scheme and anonymous channel,” Eurocrypt’ 93, pp. 248–259.Google Scholar
- 20.T. P. Pedersen, “A threshold cryptosystem without a trusted party,” Eurocrypt’ 91, pp. 522–526.Google Scholar
- 21.B. Pfitzmann, A. Pfitzmann. “How to break the direct RSA-implementation of MIXes,” Eurocrypt’ 89, pp. 373–381.Google Scholar
- 22.D. Pointcheval, J. Stern, “Security proofs for signature schemes,” Eurocrypt’ 96, pp. 387–398.Google Scholar
- 23.R. Rees, D. R. Stinson, R. Wei, G. H. J. van Rees, “An application of covering designs: Determining the maximum consistent set of shares in a threshold scheme,” Ars Combin. 531 (1999), pp. 225–237.MathSciNetGoogle Scholar
- 24.K. Sako, J. Kilian, “Receipt-free mix-type voting scheme,” Eurocrypt’ 95, pp. 393–403.Google Scholar
- 25.C. P. Schnorr, “Efficient signature generation for smart cards,” Crypto’ 89, pp. 239–252.Google Scholar
- 26.C. P. Schnorr, M. Jakobsson, “Security of discrete log cryptosystems in the random oracle + generic model,” http://www.bell-labs.com/user/markusj/
- 27.A. Shamir, “How to share a secret,” Communications of the ACM, Vol. 22, 1979, pp. 612–613zbMATHCrossRefMathSciNetGoogle Scholar
- 28.Y. Tsiounis, M. Yung, “On the security of ElGamal based encryption,” PKC’98, pp. 117–134.Google Scholar
- 29.Edited by C. J. Colbourn and J. H. Dinitz, Handbook of Combinatorial Design, CRC Press (1996)Google Scholar

## Copyright information

© Springer-Verlag Berlin Heidelberg 2000