Universal Re-encryption for Mixnets
We introduce a new cryptographic technique that we call universal re-encryption. A conventional cryptosystem that permits re-encryption, such as ElGamal, does so only for a player with knowledge of the public key corresponding to a given ciphertext. In contrast, universal re-encryption can be done without knowledge of public keys. We propose an asymmetric cryptosystem with universal re-encryption that is half as efficient as standard ElGamal in terms of computation and storage.
While technically and conceptually simple, universal re-encryption leads to new types of functionality in mixnet architectures. Conventional mixnets are often called upon to enable players to communicate with one another through channels that are externally anonymous, i.e., that hide information permitting traffic-analysis. Universal re-encryption lets us construct a mixnet of this kind in which servers hold no public or private keying material, and may therefore dispense with the cumbersome requirements of key generation, key distribution, and private-key management. We describe two practical mixnet constructions, one involving asymmetric input ciphertexts, and another with hybrid-ciphertext inputs.
Keywordsanonymity mix networks private channels universal re-encryption
Unable to display preview. Download preview PDF.
- 4.Cottrell, L.: Mixmaster & remailer attacks (1995), Available on the web at http://www.obscura.co/~loki/remailer/remailer-essay.html
- 5.de Santis, A., di Crescenzo, G., Persiano, G., Yung, M.: On monotone formula closure of SZK. In: Proc. of FOCS 1994, pp. 454–465. IEEE Press, Los Alamitos (1994)Google Scholar
- 9.Jakobsson, M., Juels, A.: Millimix: Mixing in small batches, DIMACS Technical Report 99-33 (June 1999)Google Scholar
- 11.Jakobsson, M., Juels, A., Rivest, R.: Making mix nets robust for electronic voting by randomized partial checking. In: Proc. of USENIX Security 2002, pp. 339–353 (2002)Google Scholar
- 13.Neff, A.: A verifiable secret shuffle and its application to e-voting. In: Proc. of ACM CCS 2001, pp. 116–125. ACM Press, New York (2001)Google Scholar
- 15.Sarma, S.: Towards the five-cent tag. Technical Report MIT-AUTOID-WH-006, MIT Auto ID Center (2001), Available from http://www.autoidcenter.org/
- 18.Shoup, V.: A proposal for an iso standard for public key encryption (version 2.1) (December 20, 2001) (manuscript)Google Scholar
- 20.Yoshida, J.: Euro bank notes to embed RFID chips by 2005. EE Times, December 19 (2001), Available at http://www.eetimes.com/story/OEG20011219S0016