Distributed Verification of Mixing - Local Forking Proofs Model

  • Jacek Cichoń
  • Marek Klonowski
  • Mirosław Kutyłowski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5107)


One of the generic techniques for achieving anonymity is to process messages through a batch of cryptographic mixes. To guarantee proper execution, verifiable mixes are constructed: each mix provides a proof of correctness together with its output. However, if a mix works on a huge number of messages at a time, the proof itself is huge, since it concerns the processing of all messages. So in practice only a few verifiers would download the proofs, and in turn we would have to trust what they say.

We consider a different model in which there are many verifiers, but each of them downloads only a limited number of bits in order to check the mixes. The distributed character of the process ensures effectiveness even if many verifiers are dishonest and do not report irregularities they find.

We consider a fully distributed and intuitive verification scheme which we call local forking proofs. For each intermediate ciphertext, a verifier may ask for a proof that its re-encrypted version is in the output of the mix concerned. The proof shows that the re-encrypted version is within some subset of k ciphertexts from the output of the mix, and it can be performed with strong zero-knowledge or algebraic methods. Such proofs should be efficient in terms of communication complexity if k is a relatively small constant.

There are many issues concerning stochastic properties of local forking proofs. In this paper we examine just one: we estimate quite precisely how many mixes are required so that if a local proof is provided for each message, then a plaintext hidden in an input message can appear on any position of the final output set.
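The question in the last paragraph can be explored with a small simulation. This is an added example, not code from the paper, and it assumes a model the abstract does not spell out: each mix applies a secret uniform permutation, and the proof for input position i names a set of k output positions made of the true image plus k-1 uniformly chosen decoys. All function names are hypothetical.

```python
import random

def forking_sets(n, k, rng):
    """One mix: a secret permutation plus a k-subset of outputs per input.

    Assumption: each proof set holds the true image pi[i] and k-1 decoys
    drawn uniformly from the other output positions.
    """
    pi = list(range(n))
    rng.shuffle(pi)
    sets = []
    for i in range(n):
        decoys = rng.sample(range(n - 1), k - 1)
        # Shift indices past pi[i] so a decoy never equals the true image.
        sets.append({pi[i]} | {d if d < pi[i] else d + 1 for d in decoys})
    return pi, sets

def mixes_until_full_spread(n, k, rng, start=0, max_mixes=1000):
    """Mixes needed before the tracked input could sit at any output position.

    An observer who sees only the proof sets knows the message at position i
    moved to one of sets[i]; the candidate set is the union over candidates.
    """
    reachable = {start}
    for t in range(1, max_mixes + 1):
        _, sets = forking_sets(n, k, rng)
        reachable = set().union(*(sets[i] for i in reachable))
        if len(reachable) == n:
            return t
    raise RuntimeError("not fully spread within max_mixes")

def average_mixes(n, k, trials=20, seed=1):
    """Average number of mixes over independent cascades (constructed input)."""
    rng = random.Random(seed)
    return sum(mixes_until_full_spread(n, k, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    for k in (2, 3, 4):
        print(f"n=1024 k={k}: about {average_mixes(1024, k):.1f} mixes")
```

Because the candidate set grows by at most a factor of k per mix, the result can never fall below log_k n; the simulation shows how far above that bound the full spread actually lands under the assumed model.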


Keywords: mix, anonymity, distributed system





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jacek Cichoń (1)
  • Marek Klonowski (1)
  • Mirosław Kutyłowski (1)
  1. Institute of Mathematics and Computer Science, Wrocław University of Technology
