Auditable Privacy: On Tamper-Evident Mix Networks

  • Jong Youl Choi
  • Philippe Golle
  • Markus Jakobsson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4107)


We introduce the notion of tamper-evidence for mix networks in order to defend against attacks aimed at covertly leaking secret information held by corrupted mix servers. This is achieved by letting observers (which need not be trusted) verify the absence of covert channels by means of techniques we introduce herein. Our tamper-evident mix network is a type of re-encryption mixnet in which a server proves that the permutation and re-encryption factors that it uses are correctly derived from a random seed to which the server is committed.


Mix network covert channel malware observer subliminal channel tamper-evident 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abe, M.: Mix-networks on permutation networks. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 258–273. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Chaum, D.: Secret Ballot Receipts: True Voter-Verifiable Elections. RSA CryptoBytes 7(2) (2004)Google Scholar
  3. 3.
    Choi, J., Golle, P., Jakobsson, M.: Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware. IACR ePrint report, No. 147 (2005)Google Scholar
  4. 4.
    Desmedt, Y.: Subliminal-free authentication and signature. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 23–33. Springer, Heidelberg (1988)Google Scholar
  5. 5.
    Fiat, A., Shamir, A.: How to prove yourself: Practical Solution to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  6. 6.
    Golle, P., Jakobsson, M.: Reusable Anonymous Return Channels. In: Proc. of the Workshop on Privacy in the Electronic Society(WPES 2003), pp. 94–100. ACM Press, New York (2003)CrossRefGoogle Scholar
  7. 7.
    Gennaro, R., et al.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Jakobsson, M.: A practical mix. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 448–461. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    Juels, A., Guajardo, J.: RSA Key Generation with Verifiable Randomness. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 357–374. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Jakobsson, M., Juels, A., Rivest, R.: Making mix nets robust for electronic voting by randomized partial checking. In: Proc. of USENIX 2002, pp. 339–353Google Scholar
  11. 11.
    Jakobsson, M., et al.: Fractal Merkle Tree Representation and Traversal. In: Proc. of RSA Cryptographers’ Track 2003 (2003)Google Scholar
  12. 12.
    Jakobsson, M., Yung, M.: Distributed Magic Ink Signatures. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 450–464. Springer, Heidelberg (1997)Google Scholar
  13. 13.
    Karlof, C., Sastry, N., Wagner, D.: Cryptographic Voting Protocols: A Systems Perspective. In: USENIX Security 2005, August 2005, pp. 33–50 (2005)Google Scholar
  14. 14.
    Lepinksi, M., Micali, S., Shelat, A.: Collusion-Free Protocols. In: STOC 2005, ACM Press, New York (2005)Google Scholar
  15. 15.
    Merkle, R.: Secrecy, authentication, and public key systems. Ph.D. dissertation, Dept. of Electrical Engineering, Stanford Univ. (1979)Google Scholar
  16. 16.
    Michels, M., Horster, P.: Some remarks on a receipt-free and universally verifiable mix-type voting scheme. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Neff, C.A.: A verifiable secret shuffle and its application to e-voting. In: Proc. of CCS 2001, pp. 116–125. ACM Press, New York (2001)CrossRefGoogle Scholar
  18. 18.
    Ogata, W., et al.: Fault tolerant anonymous channel. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 440–444. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  19. 19.
    Park, C., Itho, K., Kurosawa, K.: All/Nothing Election Scheme and Anonymous Channel. In: Proceeding of Eurocrypt 1993 (1993)Google Scholar
  20. 20.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Pedro, A., Rezende, D.: Electronic Voting Systems – Is Brazil Ahead of its Time? RSA CryptoBytes 7(2) (2004)Google Scholar
  22. 22.
    Reiter, M.K., Wang, X.: Fragile Mixing. In: Proc. of CCS 2004, pp. 227–235 (2004)Google Scholar
  23. 23.
    Schnorr, C.P.: Efficient Signature Generation for Smart Cards. In: Proc. of Crypto 1989, pp. 239–252 (1989)Google Scholar
  24. 24.
    Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Proc. of Crypto 1983, pp. 51–67 (1983)Google Scholar
  25. 25.
    Simmons, G.J.: The subliminal channel and digital signature. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 364–378. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  26. 26.
    Smid, M.E., Branstad, D.K.: Response to comments on the NIST proposed Digital Signature Standard. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 76–87. Springer, Heidelberg (1993)Google Scholar
  27. 27.
    Stadler, M.: Publicly Verifiable Secret Sharing. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 190–199. Springer, Heidelberg (1996)Google Scholar
  28. 28.
    Young, A., Yung, M.: The Dark Side of Black-Box Cryptography, or: Should We Trust Capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)Google Scholar
  29. 29.
    Young, A., Yung, M.: The prevalence of Kleptographic attacks on discrete-log based cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 264–276. Springer, Heidelberg (1997)Google Scholar
  30. 30.
    Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997)Google Scholar
  31. 31.
    Young, A., Yung, M.: Auto-Recoverable and Auto-Certifiable Cryptosystems. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 119–133. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  32. 32.
    Tsiounis, Y., Yung, M.: On the Security of ElGamal Based Encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jong Youl Choi
    • 1
  • Philippe Golle
    • 2
  • Markus Jakobsson
    • 3
  1. 1.Dept. of Computer ScienceIndiana University at BloomingtonUSA
  2. 2.Palo Alto Research CenterPalo AltoUSA
  3. 3.School of InformaticsIndiana University at BloomingtonUSA

Personalised recommendations