A survey on mix networks and their secure applications

Proceedings of the IEEE

Volumn 94, Issue 12, 2006, Pages 2142-2180

  Sampigethaya, Krishna ^a,b   Poovendran, Radha ^a,b  

^a IEEE   (United States)

^b University of Washington   (United States)

Author keywords

Anonymity; Applied cryptography; Mixnets; Privacy; Protocols

Indexed keywords

CRYPTOGRAPHY; NETWORK PROTOCOLS; NETWORK SECURITY; ROBUSTNESS (CONTROL SYSTEMS);

ANONYMITY; APPLIED CRYPTOGRAPHY; MIXNETS; NETWORK COMMUNICATIONS;

DATA PRIVACY;

EID: 33947418087     PISSN: 00189219     EISSN: None     Source Type: Journal    
DOI: 10.1109/JPROC.2006.889687     Document Type: Review

References (107)

1. D. Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms," Commun. ACM, vol. 24, no. 2, pp. 84-88, 1981.
2. M. Jakobsson, A. Juels, and R. Rivest, "Making mix nets robust for electronic voting by randomized partial checking," in Proc. USENIX' 02. New York: Springer-Verlag, 2002, pp. 339-353.
3. R. Sampigethaya and R. Poovendran, A framework and taxonomy for comparison of electronic voting schemes, 2004, manuscript submitted for publication.
4. _, Evaluating secure remote electronic voting systems, 2004, manuscript submitted for publication.
5. S. Parekh, Prospects for remailers. [Online]. Available: http:/www.firstmonday.org/issues/issue2/remailers/
6. L. Cottrell. (1994). Mixmaster and remailer Attacks. [Online]. Available: http://www.obscura.com/loki/remailer/remailer-essay.html
7. C. Gulcu and G. Tsudik, "Mixing email with Babel," in Proc. Internet Soc. Symp. Network and Distributed System Security, 1996, pp. 2-16.
8. G. Danezis, R. Dingledine, and N. Mathewson, "Mixminion: Design of a type III anonymous remailer protocol," in Proc. 2003 IEEE Symp. Security Privacy, 2003, pp. 2-15.
9. A. Pfitzmann, B. Pfitzmann, and M. Waidner, "ISDN-Mixes: Untraceable communication with very small bandwidth overhead," in Proc. GI/ITG Conf. Communication Distributed Systems, Informatik-Fachberichte. New York: Springer-Verlag, 1991, pp. 451-463.
10. A. Jerichow, J. Muller, A. Pfitzmann, B. Pfitzmann, and M. Waidner, "Real-time mixes: A bandwidth-efficient anonymity protocol," IEEE J. Select. Areas Commun., vol. 16, no. 4, pp. 495-509, Apr. 1998.
11. D. Goldschlag, M. Reed, and P. Syverson, "Hiding routing information," in Proc. Information Hiding, 1996, pp. 137-150.
12. P. Syverson, D. Goldschlag, and M. Reed, "Anonymous connections and onion routing," in Proc. IEEE Symp. Security Privacy, 1997, pp. 44-54.
13. M. G. Reed, P. F. Syverson, and D. M. Goldschlag, "Anonymous connections and onion routing," IEEE J. Special Areas Commun., vol. 16, no. 4, pp. 482-494, Apr. 1998.
14. Onion routing. [Online]. Available: http://www.onion-router.net/
15. A. Young and M. Yung, Malicious Cryptography: Exposing Cryptovirology. New York: Wiley, 2004.
16. H. Federrath, A. Jerichow, and A. Pfitzmann, "MIXes in mobile communication systems: Location management with privacy," in Proc. Information Hiding. 1996, pp. 121-135.
17. M. G. Reed, P. F. Syverson, and D. M. Goldschlag, "Protocols using anonymous connections: Mobile applications," in Proc. Security Protocols, 1997, pp. 13-23.
18. L. Huang, K. Matsuura, H. Yamane, and K. Sezaki, "Enhancing wireless location privacy using silent period," in Proc. IEEE Wireless Communications Networking Conf., 2005.
19. P. Golle, M. Jakobsson, A. Juels, and P. Syverson, "Universal re-encryption for mixnets," in Proc. RSA Conf. Cryptographers' Track, 2004, pp. 163-178.
20. J. Raymond, "Traffic analysis: Protocols, attacks, design issues and open problems," in Proc. Designing Privacy Enhancing Technologies Workshop, 2001, pp. 10-29.
21. Free haven project bibliography. [Online]. Available: http://www.freehaven.net/anonbib/date.html
22. O. Berthold, A. Pfitzmann, and R. Standtke, "The disadvantages of free mix routes and how to overcome them," in Proc. Anonymity, 2001, pp. 30-45.
23. A. Serjantov, R. Dingledine, and P. Syverson, "From a trickle to a flood: Active attacks on several mix types," in Proc. Information Hiding Workshop, 2002, pp. 36-52.
24. M. Jakobsson and A. Juels, "An optimally robust hybrid mix network," in Proc. 20th Annu. ACM Symp. Principles Distributed Computing (PODC 2001.), 2001, pp. 284-292.
25. R. Dingledine, M. J. Freedman, D. Hopwood, and D. Molnar, "A reputation system to increase MIX-net reliability," in Proc. Information Hiding Workshop, 2001, pp. 126-141.
26. C. Diaz and A. Serjantov, "Generalizing mixes," in Proc. Workshop on Privacy Enhancing Technologies, 2003, pp. 18-31.
27. C. Diaz and B. Preneel, "Taxonomy of mixes and dummy traffic," in Proc. 19th IFIP Int. Information Security Conf., 2004.
28. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. Boca Raton, FL: CRC, 1997.
29. D. R. Stinson, Cryptography: Theory and Practice, 2nd ed. Boca Raton, FL: CRC, 2002.
30. R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public key cryptosystems," Commun. ACM, vol. 21, pp. 120-126, 1978.
31. B. Möller, "Provably secure public-key encryption for length-preserving Chaumian mixes," in Proc. CT-RSA. New York: Springer-Verlag, 2003, pp. 244-262.
32. S. Goldwasser, S. Micali, and C. Rackoff, "The knowledge complexity of interactive proof systems," SIAM J. Computing, vol. 18, pp. 186-208, 1989.
33. C. Park, K. Itoh, and K. Kurosawa, "Efficient anonymous channel and all/nothing election scheme," in Advances in Cryptology-Eurocrypt. New York: Springer-Verlag, 1994, pp. 248-259.
34. T. Elgamal, "A public-key cryptosystem and a signature scheme based on discrete logarithms," IEEE Trans. Inform. Theory, vol. 31, no. 4, pp. 469-472, Jul. 1985.
35. A. Shamir, "How to share a secret," Commun. ACM, vol. 22, no. 11, pp. 612-613, 1979.
36. P. Golle and M. Jakobsson, "Reusable anonymous return channels," in Proc. Workshop Privacy Electronic Soc., 2003, pp. 94-100.
37. M. Jakobsson, "On quorum controlled asymmetric proxy re-encryption," in Proc. PKC, 1999, pp. 112-121.
38. R. Dingledine, V. Shmatikov, and P. Syverson, "Synchronous batching: From cascades to free routes," in Proc. Privacy Enhancing Technologies Workshop, 2004.
39. W. Ogata, K. Kurosawa, K. Sako, and K. Takatani, "Fault-tolerant anonymous channel," in Proc. ICICS, 1997, pp. 440-444.
40. K. Sako and J. Killian, "Receipt-free mix-type voting scheme - A practical solution to the implementation of a voting booth," in Advances Cryptology-Eurocrypt, 1995, pp. 393-403.
41. B. Pfitzmann and A. Pfitzmann, "How to break the direct rsa-implementation of mixes," in Advances Cryptology-Eurocrypt, 1989, pp. 373-381.
42. B. Pfitzmann, "Breaking an efficient anonymous channel," in Advances CrypJology-Eurocrypt, 1994, pp. 332-340.
43. C. Rackoff and D. Simon, "Cryptographic defense against traffic analysis," in Proc. 25th Annu. ACM Symp. Theory of Computing, 1993, pp. 672-681.
44. M. Jakobsson, "A practical mix," in Advances in Cryptology-Eurocrypt, 1998, pp. 449-461.
45. D. Chaum, "Security without identification: Transaction systems to make big brother obsolete," Commun. ACM, vol. 28, no. 10, pp. 1030-1044, 1985.
46. M. Jakobsson, "Flash mixing," in Proc. ACM Symp. Principles of Distributed Computing (PODC), 1999, pp. 83-89.
47. Y. Desmedt and K. Kurosawa, "How to break a practical mix and design a new one," in Advances Cryptology-Eurocrypt, 2000, pp. 557-572.
48. M. Mitomo and K. Kurosawa, "Attack for flash MIX," in Advances in Cryptology-Asiacrypt. 2000, pp. 192-204.
49. M. Ohkubo and M. Abe, "A length-invariant hybrid mix," in Advances Cryptology-Asiacrypt, 2000, pp. 178-191.
50. M. Abe and H. Imai, "Flaws in some robust optimistic mixnets," in Proc. ACISP, 2003, pp. 39-50.
51. M. Michels and P. Horster, "Some remarks on a receipt-free and universally verifiable mix-type voting scheme," in Advances Cryptology-Asiacrypt, 1996, pp. 125-132.
52. M. Abe, "Universally verifiable mix-net with verification work independent of the number of mix-centers," in Advances Cryptology-Eurocrypt, 1998, pp. 437-447.
53. _, "Mix-networks on permutation networks," in Advances Cryptology-Asiacrypt, 1999, pp. 258-273.
54. M. Jakobsson and A. Juels, Millimix: Mixing in small batches, DIMACS Techn. Rep. 99-33, 1999.
55. M. Abe and F. Hoshino, "Remarks on mix-networks based on permutation networks," in Proc. PKC, 2001, pp. 317-324.
56. A. Waksman, "A permutation network," J. ACM, vol. 15, no. 1, pp. 159-163, 1968.
57. J. Furukawa, H. Miyauchi, K. Mori, S. Obana, and K. Sako, "An implementation of a universally verifiable electronic voting scheme based on shuffling," in Proc. Financial Cryptography (FC 2002). 2003, pp. 16-30.
58. L. Nguyen and R. Safavi-Naini, "Breaking and mending resilient mixnets," in Proc. Privacy Enhancing Technologies Workshop, 2003, pp. 66-80.
59. C. A. Neff, "A verifiable secret shuffle and its application to e-voting," in Proc. 8th ACM Conf. Computer Communications Security, 2001, pp. 116-125.
60. J. Furukawa and K. Sako, "An efficient scheme for proving a shuffle," in Advances Cryptology-Crypto, 2001, pp. 368-387.
61. J. Groth, "A verifiable secret shuffle of homomorphic encryptions," in Proc. PKC, 2003, pp. 145-160.
62. D. Boneh and P. Golle, "Almost entirely correct mixing with applications to voting," in Proc. 9th ACM Conf. Computer Communications Security, 2002, pp. 68-77.
63. P. Golle, S. Zhong, D. Boneh, M. Jakobsson, and A. Juels, "Optimistic mixing for exit-polls," in Advances Cryptology-Asiacrypt, 2002, pp. 451-465.
64. P. Golle and A. Juels, "Parallel mixing," in Proc. 11th ACM Conf. Computer and Communications Security, 2004, pp. 220-226.
65. U. Moller, L. Cottrell, P. Palfrader, and L. Sassaman. (2003). Mixmaster Protocol-Version 2 Draft. [Online]. Available: http://www.abditum.com/mixmaster-spec.txt
66. Alixminion. [Online]. Available: http://mixminion.net/
67. O. Berthold, H. Federrath, and S. Kopsell, "Web MIXes: A system for anonymous and unobservable internet access," in Proc. Designing Privacy Enhancing Technologies Workshop, 2000, pp. 115-129.
68. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The second generation onion router," in Proc. 13th USENIX Security Symp., 2004, pp. 303-320.
69. Y. Zhu, X. Fu, B. Graham, R. Bettati, and W. Zhao, "On flow correlation attacks and countermeasures in mix networks," in Proc. Privacy Enhancing Technologies Workshop, 2004.
70. O. Berthold and H. Langos, "Dummy traffic against long term intersection attacks," in Proc. Privacy Enhancing Technologies Workshop (PET 2002), 2003, pp. 110-128.
71. B. N. Levine, M. K. Reiter, C. Wang, and M. Wright, "Timing attacks in low-latency mix systems," in Proc. Financial Cryptography (FC 2004), 2004, pp. 251-265.
72. A. Serjantov and R. E. Newman, "On the anonymity of timed pool mixes," in Proc. Workshop Privacy Anonymity Issues in Networked Distributed Syst., 2003, pp. 427-434.
73. D. Kesdogan, J. Egner, and R. Buschkes, "Stop-and-go mixes providing probabilistic security in an open system," in Proc. 2nd Int. Workshop Information Hiding, 1998, pp. 83-98.
74. P. Syverson, G. Tsudik, M. Reed, and C. Landwehr, "Towards an analysis of onion routing security," in Proc. Designing Privacy Enhancing Technologies Workshop, 2000, pp. 96-114.
75. G. Danezis and L. Sassaman, "Heartbeat traffic to counter (n-1) attacks: Red-green-black mixes," in Proc. ACM Workshop Privacy Electronic Soc., 2003, pp. 89-93.
76. G. Danezis, "Forward secure mixes," in Proc. Nordic Workshop Secure IT Syst., 2002, pp. 195-207.
77. R. Dingledine and P. Syverson, "Reliable MIX cascade networks through reputation," in Proc. Financial Cryptography (FC 2002.), 2002.
78. P. Golle, "Reputable mix networks," in Proc. Privacy Enhancing Technologies Workshop, 2004.
79. Y. Desmedt and Y. Frankel, "Shared generation of authenticators and signatures," in Advances Cryptology-Crypto, 1992, pp. 457-469.
80. V. Shoup, "Practical threshold signatures," in Advances Cryptology-Eurocrypt, 2000, pp. 207-220.
81. D. Chaum, "The dining cryptographers problem: Unconditional sender and recipient untraceability," J. Cryptology, vol. 1, no. 1, pp. 65-75, 1988.
82. P. Golle and A. Juels, "Dining cryptographers revisited," in Advances Cryptology-Eurocrypt, 2004, pp. 456-473.
83. M. K. Reiter and A. D. Rubing, "Crowds: Anonymity for web transactions," ACM Trans. Information Syst. Security, vol. 1, no. 1, pp. 66-92, 1998.
84. M. Rennhard and B. Plattner, "Introducing Morphmix: Peer-to-peer based anonymous internet usage with collusion detection," in Proc. Workshop Privacy Electronic Soc., 2002, pp. 91-102.
85. A. Pfitzmann and M. Waidner, "Networks without user observability - Design options," in Advances in Cryptology-Eurocrypt, 1985, pp. 245-253.
86. R. Bohme, G. Danezis, C. Diaz, S. Kopsell, and A. Pfitzmann, "Mix cascades vs. peer-to-peer: Is one concept superior?" in Proc. Privacy Enhancing Technologies Workshop, 2004.
87. G. Danezis, "Mix-networks with restricted routes," in Proc. Privacy Enhancing Technologies Workshop, 2003.
88. M. Reiter and X. Wang, "Fragile mixing," in Proc. 11th ACM Conf. Computer Communications Security, 2004, pp. 227-235.
89. R. Cramer, R. Gennaro, and B. Schoenmakers, "A secure and optimally efficient multi-authority election scheme," in Advances in Cryptology-Eurocrypt, 1997, pp. 103-118.
90. B. Chor, S. Goldwasser, S. Micali, and B. Awerbuch, "Verifiable secret sharing and achieving simultaneous broadcast," in Proc. IEEE Fund. Comp. Sci., 1985, pp. 335-344.
91. P. Feldman, "A practical scheme for non-interactive verifiable secret sharing," in Proc. 28th IEEE Symp. Found. Computer Sci. (FOCS 87), 1987, pp. 427 437.
92. T. Pedersen, "A threshold cryptosystem without a trusted party," in Advances Cryptology-Eurocrypt, 1991, p. 5 227 526.
93. M. Stadler, "Publicly verifiable secret sharing," in Advances in Cryptology-Eurocrypt, 1996, pp. 190-199.
94. B. Schoenmakers, "A simple publicly verifiable secret sharing scheme and its applications to electronic voting," in Advances Cryptology-Crypto, 1999, pp. 148-164.
95. D. Chaum, "Blind signature system," in Advances Cryptology-Crypto, 1984, pp. 153-153.
96. Y. Desmedt, "Society and group oriented cryptography: A new concept," in Advances Cryptology-Crypto, 1987, pp. 120-127.
97. O. Goldreich, S. Micali, and A. Wigderson, "Proofs that yield nothing but the validity of the assertion, and a methodology of cryptographic protocol design," in Proc. 27th IEEE Symp. Found. Computer Sci., 1986, pp. 174-187.
98. A. Fiat and A. Shamir, "How to prove yourself: Practical solutions to identification and signature problems," in Advances Cryptology-Crypto, 1987, pp. 186-194.
99. M. Blum, A. D. Santis, S. Micali, and G. Persiano, "Non-interactive zero-knowledge," SIAM J. Computing, vol. 20, no. 6, pp. 1084-1118, 1991.
100. "FIPS 180-1, Secure Hash Standard," Apr. 1995: U.S. Dept. Commerce/N.I.S.T., Nat. Tech. Information Service, Springfield, VA.
101. A. Pfitzmann and M. Hansen, Anonymity, unlinfcabilify, unobservability, pseudonymity, and identity management a consolidated proposal for terminology, ver. v0.25, Dec. 2005.
102. A. Serjantov and G. Danezis, "Towards an information theoretic metric for anonymity," in Proc. Workshop Privacy Enhancing Technologies (PET), Apr. 2002, pp. 41-53.
103. C. Diaz, S. Seys, J. Claessens, and B. Preneel, "Towards measuring anonymity," in Proc. Workshop Privacy Enhancing Technologies, Apr. 2002, pp. 54-68.
104. M. Waidner, "Unconditional sender and recipient untraceability in spite of active attacks," in Advances Cryptology - Eurocrypt, vol. 434, 1990, pp. 302-319.
105. E. Franz, A. Graubner, A. Jerichow, and A. Pfitzmann, "Comparison of commitment schemes used in mix-mediated anonymous communication for preventing' pool-mode attack," in Proc. 3rd Australasian Conf. Information Security Privacy (ACISP'98), vol. 1438, 1990, pp. 111-122.
106. G. Danezis, "Breaking four mix-related schemes based on universal re-encryption," in Proc. Information Security Conf., Sep. 2006.
107. C. Díaz, "Anonymity and privacy in electronic services," Ph.D. dissertation, Katholieke Universiteit Leuven, Leuven, Belgium, Dec. 2005.