Abstract:
In order to design an exceptionally efficient mix network, both asymptotically and in real terms, we develop the notion of almost entirely correct mixing, and propose a new mix network that is almost entirely correct. In our new mix, the real cost of proving correctness is orders of magnitude faster than all other mix nets. The trade-off is that our mix only guarantees “almost entirely correct ” mixing, i.e it guarantees that the mix network processed correctly all inputs with high (but not overwhelming) probability. We use a new technique for verifying correctness. This new technique consists of computing the product of a random subset of the inputs to a mix server, then require the mix server to produce a subset of the outputs of equal product. Our new mix net is of particular value for electronic voting, where a guarantee of almost entirely correct mixing may well be sufficient to announce instantly the result of a large election. The correctness of the result can later be verified beyond a doubt using any one of a number of much slower proofs of perfectcorrectness, without having to mix the ballots again.
Citations
|
742
|
Untraceable electronic mail, return addresses, and digital pseudonyms
– Chaum
- 1981
|
|
355
|
Nonmalleable cryptography
– Dolev, Dwork, et al.
|
|
216
|
Wallet Databases with Observers
– Chaum, Perderson
- 1992
|
|
127
|
A Threshold Cryptosystem Without a Trusted Party. Eurocrypt ’91
– Pedersen
|
|
83
|
Secure Distributed Key Generation for Discrete-Log-Based Cryptosystems. Eurocrypt ’99
– Gennaro, Jarecki, et al.
|
|
83
|
A verifiable secret shuffle and its application to e-voting
– Neff
- 2001
|
|
66
|
Making mix nets robust for electronic voting by randomized partial checking
– Jakobsson, Juels, et al.
- 2002
|
|
59
|
Universally verifiable mix-net with verification work independent of the number of mix-servers
– Abe
- 1998
|
|
59
|
A practical mix
– Jakobsson
- 1998
|
|
54
|
Efficient anonymous channel and all/nothing election scheme
– Itoh, Kurosawa, et al.
- 1993
|
|
50
|
Flash Mixing
– Jakobsson
- 1999
|
|
48
|
An efficient scheme for proving a shuffle
– Furukawa, Sako
- 2001
|
|
44
|
Mix-networks on permutation networks
– Abe
- 1999
|
|
34
|
How to break the direct RSAimplementation of MIXes
– Pfitzmann, Pfitzmann
- 1989
|
|
32
|
How to break a practical mix and design a new one
– Desmedt, Kurosawa
- 2000
|
|
32
|
On the security of elgamal based encryption
– Tsiounis, Yung
- 1998
|
|
31
|
Receipt-Free Mix-Type Voting Scheme
– Sako, Kilian
- 1995
|
|
28
|
Millimix: Mixing in small batches
– JAKOBSSON, JUELS
- 1999
|
|
26
|
Fault tolerant anonymous channel
– Ogata, Kurosawa, et al.
- 1997
|
|
23
|
Remarks on mix-network based on permutation networks
– Abe, Hoshino
- 1992
|
|
23
|
An optimally robust hybrid mix network
– Jakobsson, Juels
- 2001
|
|
22
|
Attack for flash mix
– Mitomo, Kurosawa
- 1976
|
|
19
|
Mix-based electronic payments
– Jakobsson, M'Raihi
- 1998
|
|
12
|
Batch verification with applications to cryptography andchecking (Invited Paper), Latin American Theoretical INformatics 98
– Bellare, Garay, et al.
- 1998
|
|
12
|
Optimistic Mixing for ExitPolls
– Golle, Zhong, et al.
- 2002
|
|
10
|
Efficient receipt-free voting based on homomorphic encryption
– Hirt, Sako
- 2000
|
|
3
|
Breaking an efficient anonymous channel
– Pfizmann
|
