Parallel mixing

Efforts to design faster synchronous mix networks have focused on reducing the computational cost of mixing per server. We propose a different approach: our reencryption mixnet allows servers to mix inputs in parallel. The result is a dramatic reduction in overall mixing time for moderate-to-large numbers of servers. As measured in the model we describe, for n inputs and $M$ servers our parallel re encryption mixnet produces output in time at most 2n -- and only around n assuming a majority of honest servers. In contrast, a traditional, sequential, synchronous re-encryption mixnet requires time Mn. Parallel re-encryption mixnets offer security guarantees comparable to those of synchronous mixnets, and in many cases only a slightly weaker guarantee of privacy. Our proposed construction is applicable to many recently proposed re-encryption mixnets, such as those of Furukawa and Sako, Neff, Jakobsson et al., and Golle and Boneh. In practice, parallel mixnets promise a potentially substantial time saving in applications such as anonymous electronic elections.

[1]  Abraham Waksman,et al.  A Permutation Network , 1968, JACM.

[2]  Donald E. Knuth,et al.  The art of computer programming: sorting and searching (volume 3) , 1973 .

[3]  Donald E. Knuth,et al.  The Art of Computer Programming, Vol. 3: Sorting and Searching , 1974 .

[4]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[5]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[6]  Daniel R. Simon,et al.  Cryptographic defense against traffic analysis , 1993, STOC.

[7]  Kazue Sako,et al.  Fault tolerant anonymous channel , 1997, ICICS.

[8]  Markus Jakobsson,et al.  A Practical Mix , 1998, EUROCRYPT.

[9]  Donald E. Knuth,et al.  The art of computer programming, volume 3: (2nd ed.) sorting and searching , 1998 .

[10]  Markus Jakobsson,et al.  Flash mixing , 1999, PODC '99.

[11]  J. Markus,et al.  Millimix: Mixing in Small Batches , 1999 .

[12]  Masayuki Abe,et al.  Mix-Networks on Permutation Networks , 1999, ASIACRYPT.

[13]  Masayuki Abe,et al.  A Length-Invariant Hybrid Mix , 2000, ASIACRYPT.

[14]  Yvo Desmedt,et al.  How to Break a Practical MIX and Design a New One , 2000, EUROCRYPT.

[15]  C. Cachin,et al.  Random oracles in constantipole: practical asynchronous Byzantine agreement using cryptography (extended abstract) , 2000, PODC '00.

[16]  Masayuki Abe,et al.  Remarks on Mix-Network Based on Permutation Networks , 2001, Public Key Cryptography.

[17]  Markus Jakobsson,et al.  An optimally robust hybrid mix network , 2001, PODC '01.

[18]  Kazue Sako,et al.  An Efficient Scheme for Proving a Shuffle , 2001, CRYPTO.

[19]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[20]  David Thomas,et al.  The Art in Computer Programming , 2001 .

[21]  Dan Boneh,et al.  Almost entirely correct mixing with applications to voting , 2002, CCS '02.

[22]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[23]  Micah Adler,et al.  An Analysis of the Degradation of Anonymous Protocols , 2002, NDSS.

[24]  Satoshi Obana,et al.  An Implementation of a Universally Verifiable Electronic Voting Scheme based on Shuffling , 2002, Financial Cryptography.

[25]  Markus Jakobsson,et al.  Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[26]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[27]  Vitaly Shmatikov,et al.  Synchronous Batching: From Cascades to Free Routes , 2004, Privacy Enhancing Technologies.

[28]  Aggelos Kiayias,et al.  The Vector-Ballot e-Voting Approach , 2004, Financial Cryptography.