# How to Break a Practical MIX and Design a New One

Conference paper

First Online:

## Abstract

A MIX net takes a list of ciphertexts (*c*_{1}, ..., *c*_{N}) and outputs a permuted list of the plaintexts (*m*_{1}, ..., *m*_{N}) without revealing the relationship between (*c*_{1},..., *c*_{N}) and (*m*_{1}, ...,*m*_{N}). This paper first shows that the Jakobsson’s MIX net of Eurocrypt’98, which was believed to be resilient and very efficient, is broken. We next propose an efficient *t*-resilient MIX net with *O*(*t*^{2}) servers in which the cost of each MIX server is *O*(*N*). Two new concepts are introduced, existential-honesty and limited-open-verification. They will be useful for distributed computation in general.

Download
to read the full conference paper text

### References

- 1.M. Abe, “Universally verifiable mix-net with verification work independent of the number of mix-centers,” Eurocrypt’ 98, pp. 437–447.Google Scholar
- 2.M. Abe, “A mix-network on permutation networks,” ISEC Technical report 99-10 (in Japanese) (May, 1999)Google Scholar
- 3.M. Abe, “Mix-networks on permutation networks,” Asiacrypt’ 99, pp. 258–273.Google Scholar
- 4.M. Bellare, A. Desai, D. Poincheval, P. Rogaway, “Relations among notions of security for public key encryption schemes,” Crypto’ 98, pp. 26–45.Google Scholar
- 5.M. Bellare, P. Rogaway, “Optimal asymmetric encryption-How to encrypt with RSA,” Eurocrypt’ 94, pp. 92–111.Google Scholar
- 6.D. Chaum, “Untraceable electronic mail, return addresses, and digital pseudonyms,” Communications of the ACM, Vol. 24, 1981, pp. 84–88.CrossRefGoogle Scholar
- 7.D. Chaum, H. Van Antwerpen, “Undeniable signatures,” Crypto’ 89, pp. 212–216.Google Scholar
- 8.Y. Desmedt, Y. Frankel, “Threshold cryptosystems,” Crypto’ 89, pp. 307–315.Google Scholar
- 9.D. Dolev, C. Dwork, M. Naor, “Non-malleable cryptography,” STOC’ 91, pp. 542–552.Google Scholar
- 10.T. ElGamal, “A public-key cryptosystem and a signature scheme based on discrete logarithms,” Crypto’ 84, pp. 10–18.Google Scholar
- 11.A. Fujioka, T. Okamoto, K. Ohta, “A practical secret voting scheme for large scale elections,” Auscrypt’ 92, pp. 244–251.Google Scholar
- 12.R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, “Robust and efficient sharing of RSA functions,” Crypto’ 96, pp. 157–172.Google Scholar
- 13.M. Jakobsson, “A practical MIX,” Eurocrypt’ 98, pp. 448–461.Google Scholar
- 14.M. Jakobsson, D. M’Raihi, “Mix-based electronic payments,” SAC’98, pp. 157–173.Google Scholar
- 15.M. Jakobsson, “Flash mixing,” PODC’99, pp. 83–89.Google Scholar
- 16.M. Jakobsson, A. Juels “Millimix: Mixing in small batches,” DIMACS Technical report 99-33 (June 1999)Google Scholar
- 17.W. H. Mills, “Covering design I: coverings by a small number of subsets,” Ars Combin. 8, (1979), pp. 199–315.MATHMathSciNetGoogle Scholar
- 18.W. Ogata, K. Kurosawa, K. Sako, K. Takatani, “Fault tolerant anonymous channel,” ICICS’ 97, pp. 440–444.Google Scholar
- 19.C. Park, K. Itoh, K. Kurosawa, “All/nothing election scheme and anonymous channel,” Eurocrypt’ 93, pp. 248–259.Google Scholar
- 20.T. P. Pedersen, “A threshold cryptosystem without a trusted party,” Eurocrypt’ 91, pp. 522–526.Google Scholar
- 21.B. Pfitzmann, A. Pfitzmann. “How to break the direct RSA-implementation of MIXes,” Eurocrypt’ 89, pp. 373–381.Google Scholar
- 22.D. Pointcheval, J. Stern, “Security proofs for signature schemes,” Eurocrypt’ 96, pp. 387–398.Google Scholar
- 23.R. Rees, D. R. Stinson, R. Wei, G. H. J. van Rees, “An application of covering designs: Determining the maximum consistent set of shares in a threshold scheme,” Ars Combin. 531 (1999), pp. 225–237.MathSciNetGoogle Scholar
- 24.K. Sako, J. Kilian, “Receipt-free mix-type voting scheme,” Eurocrypt’ 95, pp. 393–403.Google Scholar
- 25.C. P. Schnorr, “Efficient signature generation for smart cards,” Crypto’ 89, pp. 239–252.Google Scholar
- 26.C. P. Schnorr, M. Jakobsson, “Security of discrete log cryptosystems in the random oracle + generic model,” http://www.bell-labs.com/user/markusj/
- 27.A. Shamir, “How to share a secret,” Communications of the ACM, Vol. 22, 1979, pp. 612–613MATHCrossRefMathSciNetGoogle Scholar
- 28.Y. Tsiounis, M. Yung, “On the security of ElGamal based encryption,” PKC’98, pp. 117–134.Google Scholar
- 29.Edited by C. J. Colbourn and J. H. Dinitz, Handbook of Combinatorial Design, CRC Press (1996)Google Scholar

## Copyright information

© Springer-Verlag Berlin Heidelberg 2000