A Fresh Look at the Generalised Mix Framework

  • Andrei Serjantov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4776)


Anonymity systems designed to handle anonymous email have been implemented with a variety of different mixes. Although many of their properties have been analysed in previous work, some are still not well understood and many results are still missing.

In this paper we reexamine the generalised mix framework and the binomial mix of [7]. We show that under some parameterizations the binomial mix has undesirable properties. More specifically, for any constant parameterization of the binomial mix, there is a minimum number of messages beyond which it acts as a timed mix. In this case the number of messages inside it is no longer hidden from the adversary and the mix is vulnerable to an easy active attack. We suggest ways to avoid this in the generalised mix framework. Secondly, we show that the binomial distribution used in the framework produces a distribution of pool sizes with low variance and show how to improve on this.

Finally, we present a technique from queueing theory which allows us to analyse this property for a class of mixes assuming Poisson message arrivals.






  1. Barndorff-Nielsen, O.E., Shepard, N.: Non-gaussian OU based models and some of their uses in financial economics and modelling by Levy processes for financial econometrics. Economics Papers 1999-w9/2000-w3, Economics Group, Nuffield College, University of Oxford (2000)
  2. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2) (February 1981)
  3. Cooper, R.: Introduction to Queueing Theory. North-Holland, New York (1981)
  4. Díaz, C.: Anonymity and Privacy in Electronic Services. PhD thesis, Katholieke Universiteit Leuven, Leuven, Belgium (December 2005)
  5. Díaz, C., Preneel, B.: Reasoning about the anonymity provided by pool mixes that generate dummy traffic. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, Springer, Heidelberg (2004)
  6. Díaz, C., Sassaman, L., Dewitte, E.: Comparison between two practical mix designs. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, Springer, Heidelberg (2004)
  7. Díaz, C., Serjantov, A.: Generalising mixes. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, Springer, Heidelberg (2003)
  8. James, L.F.: Laws and likelihoods for Ornstein Uhlenbeck-Gamma and other BNS OU stochastic volatility models with extensions (2006),
  9. Kesdogan, D., Egner, J., Büschkes, R.: Stop-and-go MIXes: Providing probabilistic anonymity in an open system. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, Springer, Heidelberg (1998)
  10. O’Connor, L.: On blending attacks for mixes with memory. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, Springer, Heidelberg (2005)
  11. Serjantov, A.: On the Anonymity of Anonymity Systems. PhD thesis, University of Cambridge (June 2004)
  12. Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: Active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, Springer, Heidelberg (2003)

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Andrei Serjantov, The Free Haven Project
