cMix: Mixing with Minimal Real-Time Asymmetric Cryptographic Operations

  • David Chaum
  • Debajyoti Das
  • Farid Javani
  • Aniket Kate
  • Anna Krasnova
  • Joeri De Ruiter
  • Alan T. Sherman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)

Abstract

We introduce cMix, a new approach to anonymous communications. Through a precomputation, the core cMix protocol eliminates all expensive real-time public-key operations—at the senders, recipients and mixnodes—thereby decreasing real-time cryptographic latency and lowering computational costs for clients. The core real-time phase performs only a few fast modular multiplications.

In these times of surveillance and extensive profiling there is a great need for an anonymous communication system that resists global attackers. One widely recognized solution to the challenge of traffic analysis is a mixnet, which anonymizes a batch of messages by sending the batch through a fixed cascade of mixnodes. Mixnets can offer excellent privacy guarantees, including unlinkability of sender and receiver, and resistance to many traffic-analysis attacks that undermine many other approaches, including onion routing. Existing mixnet designs, however, suffer from high latency, in part because of the need for real-time public-key operations. Precomputation greatly improves the real-time performance of cMix, while its fixed cascade of mixnodes yields the strong anonymity guarantees of mixnets. cMix is unique in not requiring any real-time public-key operations by users. Consequently, cMix is the first mixing approach suitable for low-latency chat on lightweight devices.

Our presentation includes a specification of cMix, security arguments, anonymity analysis, and a performance comparison with selected other approaches. We also give benchmarks from our prototype.

Notes

Acknowledgments

We thank the anonymous reviewers for their comments. We also thank the following people for helpful suggestions: David Delatte, Russell Fink, Bryan Ford, Moritz Neikes, and Dhananjay Phatak.

Sherman was supported in part by the National Science Foundation under SFS grant 1241576 and a subcontract of INSuRE grant 1344369, and by the Department of Defense under CAE-R grant H98230-15-10294. Krasnova conducted this research within the Privacy and Identity Lab (PI.lab, http://www.pilab.nl) funded by SIDN.nl (http://www.sidn.nl/).

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • David Chaum (1)
  • Debajyoti Das (2)
  • Farid Javani (3)
  • Aniket Kate (2)
  • Anna Krasnova (4)
  • Joeri De Ruiter (4)
  • Alan T. Sherman (3)

  1. Voting Systems Institute, Los Angeles, USA
  2. Purdue University, West Lafayette, USA
  3. Cyber Defense Lab, UMBC, Baltimore, USA
  4. Radboud University, Nijmegen, Netherlands