Breaking and Provably Fixing Minx

  • Erik Shimshock
  • Matt Staats
  • Nick Hopper
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5134)


In 2004, Danezis and Laurie proposed Minx, an encryption protocol and packet format for relay-based anonymity schemes, such as mix networks and onion routing, with simplicity as a primary design goal. Danezis and Laurie argued informally about the security properties of Minx but left open the problem of proving its security. In this paper, we show that there cannot be such a proof by showing that an active global adversary can decrypt Minx messages in polynomial time. To mitigate this attack, we also prove secure a very simple modification of the Minx protocol.


Block Cipher Random Oracle Packet Format Oracle Query Reply Packet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. ACM Press, New York (1993)Google Scholar
  2. 2.
    Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the rsa encryption standard pkcs #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)Google Scholar
  3. 3.
    Camenisch, J., Lysyanskaya, A.: A Formal Treatment of Onion Routing. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 169–187. Springer, Heidelberg (2005)Google Scholar
  4. 4.
    Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  5. 5.
    Danezis, G., Laurie, B.: Minx: a simple and efficient anonymous packet format. In: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pp. 59–65 (2004)Google Scholar
  6. 6.
    Danezis, G.: Breaking four mix-related schemes based on universal re-encryption. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a type iii anonymous remailer protocol. In: SP 2003: Proceedings of the 2003 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 2. IEEE Computer Society, Los Alamitos (2003)Google Scholar
  8. 8.
    Gligor, V., Donescu, P.: Infinite Garble Extension. Contribution to NIST (2000)Google Scholar
  9. 9.
    Goldschlag, D., Reed, M., Syverson, P.: Onion routing. Commun. ACM 42(2), 39–41 (1999)CrossRefGoogle Scholar
  10. 10.
    Goldwasser, S., Bellare, M.: Lecture notes on cryptography. Summer Course Cryptography and Computer Security at MIT 1999, 1999 (1996)Google Scholar
  11. 11.
    Golle, P., Jakobsson, M., Juels, A., Syverson, P.F.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Håstad, J., Nåslund, M.: The security of all rsa and discrete log bits. J. ACM 51(2), 187–230 (2004)CrossRefMathSciNetGoogle Scholar
  13. 13.
    Möller, B.: Provably secure public-key encryptionfor length-preserving chaumian mixes. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 244–262. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications (1978)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Erik Shimshock
    • 1
  • Matt Staats
    • 1
  • Nick Hopper
    • 1
  1. 1.University of MinnesotaMinneapolisUSA

Personalised recommendations