Verifying a Mix Net in CSP

A Mix Net is a cryptographic protocol that tries to unlink the correspondence between its inputs and its outputs. In this paper, we formally analyse a Mix Net using the process algebra CSP and its associated model checker FDR. The protocol that we verify removes the reliance on a Web Bulletin Board during the mixing process: rather than communicating via a Web Bulletin Board, the protocol allows the mix servers to communicate directly, exchanging signed messages and maintaining their own records of the messages they have received. Mix Net analyses in the literature are invariably focused on safety properties; important liveness properties, such as deadlock freedom, are wholly neglected. This is an unhappy omission, however, since a Mix Net that produces no results is of little use. Here we verify that the Mix Net is guaranteed to terminate, outputting a provably valid mix agreed upon by a majority of mix servers, under the assumption that a majority of them act according to the protocol.
