Abstract
We define a new type of mix network that offers a reduced form of robustness: the mixnet can prove that every message it outputs corresponds to an input submitted by a player without revealing which input (for honest players). We call mixnets with this property reputable mixnets. Reputable mixnets are not fully robust, because they offer no guarantee that distinct outputs correspond to distinct inputs. In particular, a reputable mix may duplicate or erase messages. A reputable mixnet, however, can defend itself against charges of having authored the output messages it produces. This ability is very useful in practice, as it shields the mixnet from liability in the event that an output message is objectionable or illegal.
We propose three very efficient protocols for reputable mixnets, all synchronous. The first protocol is based on blind signatures. It works both with Chaumian decryption mixnets or re-encryption mixnets based on ElGamal, but guarantees a slightly weaker form of reputability which we call near-reputability. The other two protocols are based on ElGamal re-encryption over a composite group and offer true reputability. One requires interaction between the mixnet and the players before players submit their inputs. The other assumes no interaction prior to input submission.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. Journal of the ACM (JACM) 48(4), 702–722 (2001)
Boneh, D., Golle, P.: Almost entirely correct mixing with applications to voting. In: Proc. of the 9th ACM Conference on Computer and Communications Security, pp. 68–77. ACM Press, New York (2002)
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)
Chaum, D.: Blind signatures for untraceable payments. In: Proc. of Crypto 1982, pp. 199–203. Plenum Press, N.Y. (1983)
Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)
Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of type III anonymous remailer protocol. In: Proc. of the 2003 IEEE Symposium on Security and Privacy, pp. 2–15. On the web at, http://mixminion.net/
Frankling, M., Haber, S.: Joint encryption and message-efficient secure computation. Journal of Cryptology 9(4), 217–232 (1996)
The Free Haven Project. On the web at, http://www.freehaven.net/anonbib/
Furukawa, J., Sako, K.: An efficient scheme for proving a shuffle. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 368–387. Springer, Heidelberg (2001)
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)
Goldschlag, D., Reed, M., Syverson, P.: Onion routing for anonymous and private internet connections. Communications of the ACM 42(2), 39–41 (1999)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mix networks. In: Proc. of the 2004 RSA Conference, Cryptographer’s track (2004)
Gulcu, C., Tsudik, G.: Mixing E-mail with Babel. In: Proc. of Network and Distributed Security Symposium - NDSS 1996. IEEE, Los Alamitos (1996)
Jakobsson, M., Juels, A.: An optimally robust hybrid mix network. In: Proc. of PODC 2001, pp. 284–292. ACM Press, New York (2001)
Jakobsson, M., Juels, A., Rivest, R.: Making mix nets robust for electronic voting by randomized partial checking. In: Proc. of USENIX 2002
McCurley, K.: A key distribution system equivalent to factoring. Journal of Cryptology 1(2), 95–105 (1988)
Neff, A.: A verifiable secret shuffle and its application to E-Voting. In: Proc. of ACM CCS 2001, pp. 116–125. ACM Press, New York (2001)
Ogata, W., Kurosawa, K., Sako, K., Takatani, K.: Fault tolerant anonymous channel. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 440–444. Springer, Heidelberg (1997)
Parekh, S.: Prospects for remailers. First Monday 1(2) (August 1996), On the web at, http://www.firstmonday.dk/issues/issue2/remailers/
Pedersen, T.: A Threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)
Pfitzmann, B., Pfitzmann, A.: How to break the direct RSA-implementation of mixes. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 373–381. Springer, Heidelberg (1990)
Pfizmann, B.: Breaking an Efficient Anonymous Channel. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 332–340. Springer, Heidelberg (1995)
Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Golle, P. (2005). Reputable Mix Networks. In: Martin, D., Serjantov, A. (eds) Privacy Enhancing Technologies. PET 2004. Lecture Notes in Computer Science, vol 3424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11423409_4
Download citation
DOI: https://doi.org/10.1007/11423409_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26203-9
Online ISBN: 978-3-540-31960-3
eBook Packages: Computer ScienceComputer Science (R0)