http://dx.doi.org/10.3745/JIPS.2012.8.1.175

Attack and Correction: How to Design a Secure and Efficient Mix Network  

Peng, Kun (Institute for Infocomm Research)
Publication Information
Journal of Information Processing Systems, vol. 8, no. 1, 2012, pp. 175-190
Abstract
Shuffling is an effective method to build a publicly verifiable mix network, which implements a verifiable anonymous channel for important cryptographic applications such as electronic voting and electronic cash. One shuffling scheme by Groth is claimed to be secure and efficient, but its soundness has not been formally proven. This paper presents an attack against the soundness of that shuffling scheme; the attack also compromises the soundness of a mix network built on it. Two new shuffling protocols are then designed on the basis of Groth's shuffling and batch verification techniques. The first new protocol is not completely sound, but its soundness is formally analysed, so it can be used to build a mix network with formally proven soundness. The second new protocol is completely sound and is therefore more convenient to apply. The formal analysis in this paper guarantees that both new shuffling protocols can be employed to build mix networks with formally provable soundness, and both prevent the attack against the soundness of Groth's scheme. Both new protocols are very efficient because they adopt batch-verification-based efficiency mechanisms. The second protocol is even simpler and more elegant than the first, as it is based on a novel batch cryptographic technique.
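The abstract attributes the efficiency of both new protocols to batch verification. The following is an added example, not code from the paper, of the small-exponent batch test in the style of Bellare, Garay and Rabin (reference 16) applied to exponentiation claims of the form y_i = g^{x_i}, together with the failure mode that reference 20 addresses: fixed batch exponents let two false claims cancel each other. The group parameters, the claim generator and the two forgery functions are toy constructions for this illustration; a real mix network would use a full-size prime-order group.

```python
"""Small-exponent batch verification of exponentiation claims, as an added
illustration of the batch-verification mechanism the abstract refers to.
Toy parameters throughout; not code from the paper."""
import random

# Constructed toy group: P = 2*Q + 1 with Q prime, so the quadratic residues
# form a subgroup of prime order Q, generated by G = 4 = 2^2.
# A real mix network uses a 2048-bit or larger group.
P = 2039
Q = 1019
G = 4


def inv(a):
    """Modular inverse in Z_P^* (P is prime)."""
    return pow(a, P - 2, P)


def in_subgroup(y):
    """Strict membership test: y must lie in the order-Q subgroup.  Skipping
    this check is a classic way a batch test becomes unsound (reference 9)."""
    return 1 <= y < P and pow(y, Q, P) == 1


def naive_verify(claims):
    """Check each claim y_i == G^x_i separately: one full exponentiation each."""
    return all(in_subgroup(y) and pow(G, x, P) == y for x, y in claims)


def batch_verify(claims, exponents=None, rng=None):
    """Check all claims at once: pick random t_i in [1, Q-1] and test
         prod_i y_i^t_i == G^(sum_i t_i * x_i mod Q).
    An honest batch always passes.  A batch with false claims passes only if
    the errors d_i = y_i / G^x_i satisfy prod_i d_i^t_i == 1; for uniformly
    random t_i that happens with probability at most 1/(Q-1).
    `exponents` lets a caller fix the t_i (demonstration only)."""
    if rng is None:
        rng = random.SystemRandom()
    if exponents is None:
        exponents = [rng.randrange(1, Q) for _ in claims]
    lhs, acc = 1, 0
    for (x, y), t in zip(claims, exponents):
        if not in_subgroup(y):
            return False
        lhs = lhs * pow(y, t, P) % P     # n small exponentiations
        acc = (acc + t * x) % Q
    return lhs == pow(G, acc, P)         # plus one full exponentiation


def honest_claims(n, rng=None):
    """n constructed true claims (x_i, G^x_i)."""
    if rng is None:
        rng = random.SystemRandom()
    xs = [rng.randrange(Q) for _ in range(n)]
    return [(x, pow(G, x, P)) for x in xs]


def single_forgery(claims):
    """Corrupt the first claim by a factor of G.  The error has order Q, so
    G^t_0 == 1 would need Q | t_0: the batch test rejects this for every
    t_0 in [1, Q-1]."""
    x0, y0 = claims[0]
    return [(x0, y0 * G % P)] + claims[1:]


def cancelling_forgery(claims):
    """Corrupt two claims by d and d^-1.  The errors cancel whenever
    t_1 == t_2 mod Q, so a verifier using fixed exponents (all t_i = 1)
    accepts two false claims: the attack pattern reference 20 repairs."""
    d = pow(G, 7, P)                     # any subgroup element other than 1
    (x1, y1), (x2, y2) = claims[0], claims[1]
    return [(x1, y1 * d % P), (x2, y2 * inv(d) % P)] + claims[2:]


if __name__ == "__main__":
    claims = honest_claims(6)
    print("honest batch:", batch_verify(claims))
    print("single forgery:", batch_verify(single_forgery(claims)))
    print("cancelling forgery, fixed exponents:",
          batch_verify(cancelling_forgery(claims), exponents=[1] * 6))
    print("cancelling forgery, random exponents:",
          batch_verify(cancelling_forgery(claims)))
```

The verifier pays n small exponentiations plus one full one instead of n full ones, which is the saving the abstract's protocols exploit; the two conditions that keep the test sound are that every y_i is checked for subgroup membership and that the t_i are fresh and unpredictable to the prover.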
Keywords
Mix Network; Correction;
References
1 D Wikstrom. "A sender verifiable mix-net and a new proof of a shuffle," In ASIACRYPT '05, pp.273-292.
2 J Furukawa and K Sako. "An efficient scheme for proving a shuffle," In CRYPTO '01, pp.368-387.
3 E Gabber, P Gibbons, Y Matias, and A Mayer. "How to make personalized web browsing simple, secure, and anonymous," In FC '97, pp.17-31.
4 P Golle, S Zhong, D Boneh, M Jakobsson, and A Juels. "Optimistic mixing for exit-polls," In ASIACRYPT '02, pp.451-465.
5 J Groth and Y Ishai. "Sub-linear zero-knowledge argument for correctness of a shuffle," In EUROCRYPT '08, pp.379-396.
6 J Groth and S Lu. "Verifiable shuffle of large size ciphertexts," In PKC '07, pp.377-392.
7 J Groth. "A verifiable secret shuffle of homomorphic encryptions," In Public Key Cryptography 2003, pp.145-160.
8 L Guillou and J Quisquater. "A 'paradoxical' identity-based signature scheme resulting from zero-knowledge," In S Goldwasser, editor, CRYPTO '88, pp.216-231.
9 F Hoshino, M Abe, and T Kobayashi. "Lenient/Strict batch verification in several groups," In ISC '01, pp.81-94.
10 C Neff. "A verifiable secret shuffle and its application to e-voting," In ACM CCS '01, pp.116-125.
11 P Paillier. "Public key cryptosystem based on composite degree residuosity classes," In EUROCRYPT '99, pp.223-238.
12 K Peng, C Boyd, and E Dawson. "Simple and efficient shuffling with provable correctness and ZK privacy," In CRYPTO '05, pp.188-204.
13 K Peng, C Boyd, E Dawson, and K Viswanathan. "Efficient implementation of relative bid privacy in sealed-bid auction," In WISA '03, pp.244-256.
14 K Peng, C Boyd, E Dawson, and K Viswanathan. "A correct, private and efficient mix network," In PKC '04, pp.439-454.
15 C Schnorr. "Efficient signature generation by smart cards," Journal of Cryptology, 4, 1991, pp.161-174.
16 M Bellare, J A Garay, and T Rabin. "Fast batch verification for modular exponentiation and digital signatures," In EUROCRYPT '98, pp.236-250.
17 M Abe. "Mix-networks on permutation networks," In ASIACRYPT '98, pp.258-273.
18 M Abe and F Hoshino. "Remarks on mix-network based on permutation networks," In PKC '01, pp.317-324.
19 R Aditya, K Peng, C Boyd, and E Dawson. "Batch verification for equality of discrete logarithms and threshold decryptions," In ACNS '04, pp.494-508.
20 C Boyd and C Pavlovski. "Attacking and repairing batch verification schemes," In ASIACRYPT '00, pp.58-71.
21 D Chaum. "Untraceable electronic mail, return addresses, and digital pseudonyms," Communications of the ACM, 24(2), 1981, pp.84-88.
22 D Chaum and T Pedersen. "Wallet databases with observers," In CRYPTO '92, pp.89-105.