Cryptographic defense against traffic analysis
STOC '93 Proceedings of the twenty-fifth annual ACM symposium on Theory of computing
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
An Efficient Scheme for Proving a Shuffle
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking
Proceedings of the 11th USENIX Security Symposium
A Verifiable Secret Shuffle of Homomorphic Encryptions
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Verifiable shuffle of large size ciphertexts
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Towards an information theoretic metric for anonymity
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Simple and efficient shuffling with provable correctness and ZK privacy
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
An efficient publicly verifiable mix-net for long inputs
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming
| Hi-index | 0.00 |
One of generic techniques to achieve anonymity is to process messages through a batch of cryptographic mixes. In order to guarantee proper execution verifiable mixes are constructed: each mix provides a proof of correctness together with its output. However, if a mix is working on a huge number of messages at a time, the proof itself is huge since it concerns processing all messages. So in practice only a few verifiers would download the proofs and in turn we would have to trust what they are saying.We consider a different model in which there are many verifiers, but each of them is going to download only a limited number of bits in order to check the mixes. Distributed character of the process ensures effectiveness even if many verifiers are dishonest and do not report irregularities found.We concern a fully distributed and intuitive verification scheme which we call local forking proofs. For each intermediate ciphertext a verifier may ask for a proof that its re-encrypted version is in the output of the mix concerned. The proof shows that the re-encrypted version is within some subset of kciphertexts from the output of the mix, and it can be performed with strong zero-knowledge or algebraic methods. They should work efficiently concerning communication complexity, if kis a relatively small constant.There are many issues concerning stochastic properties of local forking proofs. In this paper we examine just one: we estimate quite precisely how many mixes are required so that if a local proof is provided for each message, then a plaintext hidden in an input message can appear on any position of the final output set.