Formal Analysis of Chaumian Mix Nets with Randomized Partial Checking

Küsters, Ralf; Truderung, Tomasz; Vogt, A.

doi:10.1109/sp.2014.29

Cited by 24 publications

(42 citation statements)

References 15 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It shortly discusses the utility of adding RPC (Randomized Integrity Checking) to cMix, an integrity check mechanism introduced by Jacobsson, Juels and Rivest [16], and further analyzed and developed in Refs. [17,18]. The usage of RPC in the cMix system is that each node commits to a randomly chosen permutation, publishes its input and output, and validates that it has followed the protocol correctly by revealing a (large) fraction of its secret input/output pairs, where these pairs are selected by the other nodes (or by a random oracle).…”

Section: Features and Extensionsmentioning

confidence: 99%

See 1 more Smart Citation

Attacks on the Basic cMix Design: On the Necessity of Commitments and Randomized Partial Checking

Galteland

Mjølsnes

Olimid

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The cMix scheme was proposed by Chaum et al. in 2016 as the first practical set of cryptographic protocols that offer sender-recipient unlinkability at scale. The claim was that the cMix is secure unless all nodes collude. We argue that their assertion does not hold for the basic description of cMix, and we sustain our statement by two different types of attacks: a tagging attack and an insider attack. For each one, we discuss the settings that make the attack feasible, and then possible countermeasures. By this, we highlight the necessity of implementing additional commitments or mechanisms that have only been mentioned as additional features.

show abstract

Section: Features and Extensionsmentioning

confidence: 99%

“…Notes on the RPC mechanism. RPC makes the nodes reveal a (large) fraction of their secret information, which could break the anonymity of the users [18]. As an example, let us assume that each node performs only one permutation and proves the correctness of its output for this permutation.…”

Section: Figure 3 the Insider Attackmentioning

confidence: 99%

Attacks on the Basic cMix Design: On the Necessity of Commitments and Randomized Partial Checking

Galteland

Mjølsnes

Olimid

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Küsters et. al [15], provide a formal security analysis of Chaumian RPC Mix Nets. They propose a new security definition, called accountability, which allows one to measure the level of privacy and verifiability of such a Mix Net precisely.…”

Section: Previous Workmentioning

confidence: 99%

Robustness Modelling and Verification of a Mix Net Protocol

Stathakidis

Schneider

Heather³

2014

Security Standardisation Research

View full text Add to dashboard Cite

Abstract. Re-encryption Mix Nets are used to provide anonymity by passing encrypted messages through a collection of servers which each permute and re-encrypt messages. They are used in secure electronic voting protocols because they provide a combination of anonymity and verifiability. The use of several peers also provides for robustness, since a Mix Net can run even in the presence of a minority of dishonest or incorrectly behaving peers. However, in practice the protocols for peers to decide when to exclude a peer are complex distributed algorithms, and it is non-trivial to gain confidence that the Mix Net will be robust and live in the presence of faulty or malicious peers. In this paper we model and analyse the algorithm used by Ximix, a particular Mix Net implementation, using the CSP process algebra and the FDR model checker. We model and analyse the protocol in the presence of a realistic intruder based on Roscoe and Goldsmith's perfect Spy [1]. We show that in the current implementation the protocol does not satisfy the robustness requirement. Finally, we propose a method of making it robust, and verify in FDR that the proposed solution is sound and provides this robustness. Along the way, we highlight the omissions and deviations from the original RPC proposal; Mix Net protocols are extremely fragile, and small and seemingly benign changes may result in security flaws. Our experimental results show that, with our modification, Ximix guarantees termination and produces a correct output in the presence of an intruder who can corrupt a minority of mix servers.

show abstract

“…Most of the formal analysis efforts for modern e-voting systems have concentrated on the design level, performing cryptographic analysis (see [15][16][17][18][19][20] for some of our own efforts in this direction). One main goal of this work is to extend such an analysis and perform it on the implemen- Brought to you by | New York University Bobst Library Technical Services Authenticated Download Date | 5/30/15 10:41 AM tation level directly.…”

Section: Security Properties Of Modern E-voting Systemsmentioning

confidence: 99%

“…This list constitutes the official result of the election process. Altogether, the core of sElect is a simple variant of what is called a Chaumian mix net (see, for example, [20] for more information and further references on mix nets).…”

Section: Tallying Phasementioning

confidence: 99%

Security in e-voting

Küsters

Truderung

2014

It - Information Technology

Self Cite

View full text Add to dashboard Cite

Systems for electronic voting (e-voting systems), including systems for voting over the Internet and systems for voting in a voting booth, have been employed in many countries. However, most of the systems used in practice today do not provide a sufficient level of security. For example, programming errors and malicious behavior resulting in the loss of votes and incorrect election outcomes easily go undetected. In fact, numerous problems with evoting systems have been reported in various countries. Therefore, in recent years modern e-voting systems have been designed that, among others, allow voters to check that their votes were counted correctly, even if voting machines and servers have programming errors or are outright malicious. In this paper, after a brief discussion of the problems of today's e-voting systems, we explain fundamental security properties modern e-voting systems should provide, including the above mentioned so-called verifiability property, and present a simple e-voting system to illustrate some of these properties. One important goal of our work is to provide security guarantees of such systems not only for abstract mathematical/cryptographic models of the systems but for the implementation of the systems directly. This requires us to combine various techniques and tools from security/cryptography, program analysis, and verification.

show abstract

Formal Analysis of Chaumian Mix Nets with Randomized Partial Checking

Cited by 24 publications

References 15 publications

Attacks on the Basic cMix Design: On the Necessity of Commitments and Randomized Partial Checking

Attacks on the Basic cMix Design: On the Necessity of Commitments and Randomized Partial Checking

Robustness Modelling and Verification of a Mix Net Protocol

Security in e-voting

Contact Info

Product

Resources

About