A Practical Mix
Author
Abstract
We introduce a robust and efficient mix-network for exponentiation, and use it to obtain a threshold decryption mix-network for ElGamal encrypted messages, in which mix servers do not need to trust each other for the correctness of the result. If a subset of mix servers cheat, they will be caught with an overwhelming probability, and the decryption can restart after replacing them, in a fashion that is transparent to the participants providing the input to be decrypted. As long as a quorum is not controlled by an adversary, the privacy of the mix is guaranteed. Our solution is proved to be secure if a commonly used assumption, the Decision Diffie-Hellman assumption, holds. Of possible independent interest are two new methods that we introduce: blinded destructive robustness, a type of destructive robustness with protection against leaks of secret information; and repetition robustness, a method for obtaining robustness for some distributed vector computations. Here, two or more calculations of the same equation are performed, where the different computations are made independent by the use of blinding and permutation. The resulting vectors are then unblinded, sorted and compared to each other. This allows us to detect cheating (resulting in inequality of the vectors). Also of possible independent interest is a modular extension to the ElGamal encryption scheme, making the resulting scheme non-malleable in the random oracle model. This is done by interpreting part of the ciphertext as a public key, and signing the ciphertext using the corresponding secret key.
Similar resources
Practical Anonymity for the Masses with Mix-Networks
Designing mix-networks for low-latency applications that offer acceptable performance and provide good resistance against attacks without introducing too much overhead is very difficult. Good performance and small overheads are vital to attract users and to be able to support many of them, because with only a few users, there is no anonymity at all. In this paper, we analyze how well different ...
A new attack on Jakobsson Hybrid Mix-Net
The Jakobsson hybrid Mix-net, proposed by Jakobsson and Juels, is a very practical and efficient scheme for long input messages. But this hybrid Mix-net does not have the public verifiability property. In this paper a new attack on the Jakobsson hybrid Mix-net is introduced. This attack breaks the robustness of the hybrid Mix-net scheme, given that the corrupted first mix server and one of the senders ...
Five Practical Attacks for "Optimistic Mixing for Exit-Polls"
Golle, Zhong, Boneh, Jakobsson, and Juels [9] recently presented an efficient mix-net, which they claim to be both robust and secure. We present five practical attacks for their mix-net, and break both its privacy and robustness. The first attack breaks the privacy of any given sender without corrupting any mix-server. The second attack requires that the first mix-server is corrupted. Both atta...
Determining Skill Mix: Practical Guidelines for Managers and Health Professionals
This paper provides practical guidelines for managers and health professionals looking to skill mix as a potential solution to health service delivery problems. These guidelines emphasise the need to evaluate the problem, and examine the context, before deciding if skill mix is the answer. The guidelines are provided in the knowledge that skill mix is rarely examined in a “pure” theoretical sen...
Sensitivity Analysis Based Comparative Assessment of Resource Mix Using MCDM Technique: A Case Study of Thar Desert, India
In the last decade, there has been a lot of focus on sustainable development in the electrical power industry to meet the growing energy demand. This has led to an increase in the integration of renewable energy sources (RES). In addition to being abundantly available, the RES offers advantages such as low environmental impact and increased social development of rural communities which are impe...
How to Break a Practical MIX and Design a New One
A MIX net takes a list of ciphertexts (c1, ..., cN) and outputs a permuted list of the plaintexts (m1, ..., mN) without revealing the relationship between (c1, ..., cN) and (m1, ..., mN). This paper first shows that Jakobsson's MIX net of Eurocrypt '98, which was believed to be resilient and very efficient, is broken. We next propose an efficient t-resilient MIX net with O(t) s...