Breaking an efficient anonymous channel

Pfitzmann, Birgit

doi:10.1007/bfb0053448

Cited by 76 publications

(73 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Pfitzmann [22,21] pointed out that this ciphertext must either be non-malleable (CCA2-secure) on its own, or augmented with a non-interactive zero-knowledge proof of knowledge of the plaintext to provide this property. For concreteness we assume that the latter approach is used.…”

Section: Ballot Preparation and Encryptionmentioning

confidence: 99%

“…It is easy to see that for the homomorphic mix-net with RPC, the attack of Pfitzmann [22,21] can be adopted to break the privacy of any given sender with probability 1/2. This forms the basis of our attacks on privacy, so it is worthwhile to describe it in detail.…”

Section: Pfitzmann's Attack and A Generalizationmentioning

confidence: 99%

“…Historically the proposals of heuristically secure mix-nets [20,11,12,14,9] have been followed by discovery of security flaws [22,21,5,17,24].…”

Section: On the Provable Security Of Rpcmentioning

confidence: 99%

See 2 more Smart Citations

Randomized Partial Checking Revisited

Khazaei

Wikström

2013

Topics in Cryptology – CT-RSA 2013

View full text Add to dashboard Cite

We study mix-nets with randomized partial checking (RPC) as proposed by Jakobsson, Juels, and Rivest (2002). RPC is a technique to verify the correctness of an execution both for Chaumian and homomorphic mix-nets. The idea is to relax the correctness and privacy requirements to achieve a more efficient mix-net.We identify serious issues in the original description of mix-nets with RPC and show how to exploit these to break both correctness and privacy, both for Chaumian and homomorphic mix-nets. Our attacks are practical and applicable to real world mix-net implementations, e.g., the Civitas and the Scantegrity voting systems.

show abstract

Section: Ballot Preparation and Encryptionmentioning

confidence: 99%

Section: Pfitzmann's Attack and A Generalizationmentioning

confidence: 99%

See 1 more Smart Citation

Randomized Partial Checking Revisited

Khazaei

Wikström

2013

Topics in Cryptology – CT-RSA 2013

View full text Add to dashboard Cite

show abstract

“…Similarly Mitomo and Kurosawa [36] exhibit a weakness in another protocol by Jakobsson [31]. Pfitzmann has given some general attacks on mix-nets [44,43], and Michels and Horster give additional attacks in [35]. Wikström [48] gives several attacks for a protocol by Golle et al [26].…”

Section: Previous Workmentioning

confidence: 99%

“…To avoid a large class of "relation attacks" [44,43,48] no sender can be allowed to construct a cryptotext of a message related to the message encrypted by some other sender. Thus, each sender is required to prove knowledge of the randomness it uses to form its cryptotexts.…”

Section: Definition 2 (Knowledge Of Correct Decryption-permutationmentioning

confidence: 99%

A Sender Verifiable Mix-Net and a New Proof of a Shuffle

Wikström

2005

Lecture Notes in Computer Science

164

View full text Add to dashboard Cite

Abstract. We introduce the first El Gamal based mix-net in which each mix-server partially decrypts and permutes its input, i.e., no reencryption is necessary. An interesting property of the construction is that a sender can verify non-interactively that its message is processed correctly. We call this sender verifiability. The mix-net is provably UC-secure against static adversaries corrupting any minority of the mix-servers. The result holds under the decision Diffie-Hellman assumption, and assuming an ideal bulletin board and an ideal zero-knowledge proof of knowledge of a correct shuffle. Then we construct the first proof of a decryption-permutation shuffle, and show how this can be transformed into a zero-knowledge proof of knowledge in the UC-framework. The protocol is sound under the strong RSA-assumption and the discrete logarithm assumption. Our proof of a shuffle is not a variation of existing methods. It is based on a novel idea of independent interest, and we argue that it is at least as efficient as previous constructions.

show abstract

A secure and optimally efficient multi‐authority election scheme

Cramer

Gennaro²,

Schoenmakers³

1997

Trans Emerging Tel Tech

367

236

View full text Add to dashboard Cite

Abstract. In this paper we present a new multi-authority secret-ballot election scheme that guarantees privacy, universal verifiability, and robustness. It is the first scheme for which the performance is optimal in the sense that time and communication complexity is minimal both for the individual voters and the authorities. An interesting property of the scheme is that the time and communication complexity for the voter is independent of the number of authorities. A voter simply posts a single encrypted message accompanied by a compact proof that it contains a valid vote. Our result is complementary to the result by Cramer, Franklin, Schoenmakers, and Yung in the sense that in their scheme the work for voters is linear in the number of authorities but can be instantiated to yield information-theoretic privacy, while in our scheme the voter's effort is independent of the number of authorities but always provides computational privacy-protection. We will also point out that the majority of proposed voting schemes provide computational privacy only (often without even considering the lack of information-theoretic privacy), and that our new scheme is by far superior to those schemes.

show abstract

Breaking an efficient anonymous channel

Cited by 76 publications

References 8 publications

Randomized Partial Checking Revisited

Randomized Partial Checking Revisited

A Sender Verifiable Mix-Net and a New Proof of a Shuffle

A secure and optimally efficient multi‐authority election scheme

Contact Info

Product

Resources

About