Mix-Network with Stronger Security

  • Jan Camenisch
  • Anton Mityagin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3856)


We consider a mix-network as a cryptographic primitive that provides anonymity. A mix-network takes as input a number of ciphertexts and outputs a random shuffle of the corresponding plaintexts. Common applications of mix-nets are electronic voting and anonymous network traffic. In this paper, we present a novel construction of a mix-network, which is based on shuffling ElGamal encryptions. Our scheme is the first mix-net to meet the strongest security requirements: it is robust and secure against chosen ciphertext attacks as well as against active attacks in the Universally Composable model. Our construction allows one to securely execute several mix-net instances concurrently, as well as to run multiple mix-sessions without changing a set of keys. Nevertheless, the scheme is efficient: it requires a linear work (in the number of input messages) per mix-server.


Discrete Logarithm Bulletin Board Ideal Functionality Strong Security Random Coin 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abe, M.: Mix-Networks on Permutation Networks. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 258–273. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Abe, M., Hoshino, F.: Remarks on Mix-Network Based on Permutation Networks. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Abe, M., Imai, H.: Flaws in Some Robust Optimistic Mix-Nets. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Backes, M., Pfitzmann, B., Waidner, M.: A general composition theorem for secure reactive systems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 336–354. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Blum, M., Feldman, P., Micali, S.: Non-Interactive Zero-Knowledge and Its Applications. In: Proc. of the 20th ACM STOC. ACM, New York (1988)Google Scholar
  6. 6.
    Camenisch, J.L., Shoup, V.: Practical Verifiable Encryption and Decryption of Discrete Logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: Proc. of the 42nd IEEE FOCS. IEEE, Los Alamitos (2001)Google Scholar
  8. 8.
    Canetti, R., Kushilevitz, E., Lindell, Y.: On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)Google Scholar
  9. 9.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proc. of the 34th ACM STOC. ACM, New York (2002)Google Scholar
  10. 10.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  11. 11.
    Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  12. 12.
    Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: Proc. of the 28th IEEE FOCS. IEEE, Los Alamitos (1987)Google Scholar
  13. 13.
    Groth, J.: A Verifiable Secret Shuffle of Homomorphic Encryptions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 145–160. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Jakobsson, M.: A Practical Mix. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 448–461. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Jakobsson, M., Juels, A.: An optimally robust hybrid mix network. In: PODC 2001 (2001)Google Scholar
  16. 16.
    Golle, P., Zhong, S., Boneh, D., Jakobsson, M., Juels, A.: Optimistic Mixing for Exit-Polls. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 451–465. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Lindell, Y., Lysyanskaya, A., Rabin, T.: On the Composition of Authenticated Byzantine Agreement. In: Proc. of the 34th ACM STOC. ACM, New York (2002)Google Scholar
  18. 18.
    Naor, M., Yung, M.: Public-key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In: Proc. of the 22nd ACM STOC. ACM, New York (1990)Google Scholar
  19. 19.
    Park, C.-s., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/Nothing election scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248–259. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  20. 20.
    Pass, R.: On Deniability in the Common Reference String and Random Oracle Model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 316–337. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Pfitzmann, B.: Breaking an Efficient Anonymous Channel. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 332–340. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  22. 22.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 184–200. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  23. 23.
    Shamir, A.: How to Share a Secret. Communications of ACM 22(11), 612–613 (1979)MathSciNetCrossRefMATHGoogle Scholar
  24. 24.
    Wikström, D.: Five Practical Attacks for Optimistic Mixing for Exit-Polls. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Wikström, D.: A Universally Composable Mix-Net. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 317–335. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jan Camenisch
    • 1
  • Anton Mityagin
    • 2
  1. 1.IBM Research, Zurich Research LaboratoryRüschlikonSwitzerland
  2. 2.Department of Computer ScienceUniversity of CaliforniaSan DiegoUSA

Personalised recommendations