Marked Mix-Nets

  • Olivier PereiraEmail author
  • Ronald L. Rivest
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10323)


We propose a variant mix-net method, which we call a “marked mix-net”. Marked mix-nets avoid the extra cost associated with verifiability (producing a proof of correct mixing operation), while offering additional assurances about the privacy of the messages, compared to a non-verifiable mix-net.

With a marked mix-net, each mix-server adds an extra secret mark in each ciphertext, and the input ciphertexts are made non-malleable but still re-randomizable (RCCA).

Marked mix-nets appear to be a good fit for the mix-net requirements of voting systems that need a mix-net for anonymity but where correctness is guaranteed through independent mechanisms. Our work investigates applications to STAR-Vote, but other applications could be explored, e.g., in Prêt-à-Voter, Selene or Wombat.



We thank the anonymous reviewers for their helpful comments and suggestions.

The first author is grateful to the Belgian Fund for Scientific Research (F.R.S.-FNRS) for its financial support provided through the the SeVoTe project. The second author gratefully acknowledges support for his work on this project received from the Center for Science of Information (CSoI), an NSF Science and Technology Center, under grant agreement CCF-0939370, and from the Department of Statistics, University of California, Berkeley, which hosted his sabbatical visit during this work.


  1. 1.
    Abe, M., Kiltz, E., Okamoto, T.: Chosen ciphertext security with optimal ciphertext overhead. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 355–371. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  2. 2.
    Adida, B.: Advances in cryptographic voting systems. Ph.D. thesis. MIT (2006)Google Scholar
  3. 3.
    Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 137–156. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  4. 4.
    Bayer, S., Groth, J.: Efficient zero-knowledge argument for correctness of a shuffle. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 263–280. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  5. 5.
    Bell, S., Benaloh, J., Byrne, M.D., DeBeauvoir, D., Eakin, B., Fisher, G., Kortum, P., McBurnett, N., Montoya, J., Parker, M., Pereira, O., Stark, P.B., Wallach, D.S., Winn, M.: STAR-vote: a secure, transparent, auditable, and reliable voting system. USENIX J. Election Technol. Syst. (JETS) 1(1), 8 (2013)Google Scholar
  6. 6.
    Ben-Nun, J., Fahri, N., Llewellyn, M., Riva, B., Rosen, A., Ta-Shma, A., Wikström, D.: A new implementation of a dual (paper and cryptographic) voting system. In: E-VOTE (2012)Google Scholar
  7. 7.
    Benaloh, J., Jones, D., Lazarus, E.L., Lindeman, M., Stark, P.B.: Soba: secrecy-preserving observable ballot-level audit. In: EVT-WOTE 2011. USENIX (2011)Google Scholar
  8. 8.
    Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998). CrossRefGoogle Scholar
  9. 9.
    Bulens, P., Giry, D., Pereira, O.: Running mixnet-based elections with helios. In: Shacham, H., Teague, V. (eds.) Electronic Voting Technology Workshop/Workshop on Trustworthy Elections. USENIX (2011)Google Scholar
  10. 10.
    Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen-ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003). CrossRefGoogle Scholar
  11. 11.
    Chase, M., Kohlweiss, M., Lysyanskaya, A., Meiklejohn, S.: Verifiable elections that scale for free. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 479–496. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  12. 12.
    Chaum, D.: Untracable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  13. 13.
    Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Culnane, C., Ryan, P.Y.A., Schneider, S., Teague, V.: vVote: a verifiable voting system. ACM Trans. Inf. Syst. Secur. 18(1), 3:1–3:30 (2015)Google Scholar
  15. 15.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inform. Theory IT 31(4), 469–472 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Lundin, D., Ryan, P.Y.A.: Human readable paper verification of prêt à voter. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 379–395. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  17. 17.
    Okamoto, T., Pointcheval, D.: The gap-problems: a new class of problems for the security of cryptographic schemes. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001). CrossRefGoogle Scholar
  18. 18.
    Pedersen, T.P.: A threshold cryptosystem without a trusted party. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991). Google Scholar
  19. 19.
    Phan, D.H., Pointcheval, D.: OAEP 3-round:a generic and secure asymmetric encryption padding. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 63–77. Springer, Heidelberg (2004). CrossRefGoogle Scholar
  20. 20.
    Popoveniuc, S., Stanton, J.: Undervote and pattern voting: vulnerability and a mitigation technique. In: Preproceedings of the 2007 IAVoSS Workshop on Trustworthy Elections (WOTE 2007) (2007)Google Scholar
  21. 21.
    Ren, J., Wu, J.: Survey on anonymous communications in computer networks. Comput. Commun. 33(4), 420–431 (2010)CrossRefGoogle Scholar
  22. 22.
    Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 176–192. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  23. 23.
    Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995). Google Scholar
  24. 24.
    Sampigethaya, K., Poovendran, R.: A survey on mix networks and their secure applications. In: Proceedings of IEEE, vol. 94, no. 12, pp. 2142–2181 (2006)Google Scholar
  25. 25.
    Shamir, A.: How to share a secret. CACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Terelius, B., Wikström, D.: Proofs of restricted shuffles. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 100–113. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  27. 27.
    Tsoukalas, G., Papadimitriou, K., Louridas, P., Tsanakas, P.: From helios to zeus. USENIX J. Election Technol. Syst. 1(1), 1–17 (2013)Google Scholar
  28. 28.
    Verificatum (2015).
  29. 29.
    Verificatum: complexity analysis of the verificatum mix-net vmn version 3.0.2 (July 2016).
  30. 30.
    Wikström, D.: Simplified submission of inputs to protocols. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 293–308. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  31. 31.
    Wikström, D.: Electronic election schemes and mix-nets (2015).

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  1. 1.UCLouvainLouvain-la-NeuveBelgium
  2. 2.MITCambridgeUSA

Personalised recommendations