Mix network

From Wikipedia, the free encyclopedia

(Redirected from Mix networks)

Jump to: navigation, search

This article is about cryptographic concept. For the social network, see The Mix Network.

Simple decryption mix net. Messages are encrypted under a sequence of public keys. Each mix node removes a layer of encryption using its own private key. The node shuffles the message order, and transmits the result to the next node.

Digital mixes (also known as mix networks) were invented by David Chaum in 1981. Digital mixes create hard-to-trace communications by using a chain of proxy servers. Each message is encrypted to each proxy using public key cryptography; the resulting encryption is layered like a Russian doll (except that each "doll" is of the same size) with the message as the innermost layer. Each proxy server strips off its own layer of encryption to reveal where to send the message next. If all but one of the proxy servers are compromised by the tracer, untraceability can still be achieved against some weaker adversaries.

Some anonymous remailers (such as Mixmaster) and onion routing (including Tor) are based on this idea.

There is another kind of mix net that consists of re-encryption operations. In these mixnets each mix node re-encrypts the set of received messages and the decryption is done in a single step. Homomorphic encryption schemes allow that.

[edit] How it works

Participant A prepares a message for delivery to participant B by appending a random value R to the message, sealing it with the addressee's public key $K_b$ , appending B’s address, and then sealing the result with the mix's public key $K_m$ . M opens it with his private key, now he knows B’s address, and he sends $K_b(message, R)$ to B.

[edit] Message format

$K_m(R1,K_b(R0,message),B)\longrightarrow(K_b(R0,message),B)$

To accomplish this, the sender takes the mix’s public key ( $K_m$ ), and uses it to encrypt an envelope containing a random string ( $R1$ ), a nested envelope addressed to the recipient, and the email address of the recipient (B). This nested envelope is encrypted with the recipient’s public key ( $K_b$ ), and contains another random string (R0), along with the body of the message being sent. Upon receipt of the encrypted top-level envelope, the mix uses its secret key to open it. Inside, it finds the address of the recipient (B) and an encrypted message bound for B. The random string ( $R1$ ) is discarded.

[edit] Return Addresses

What is needed now is a way for B to respond to A while still keeping the identity of A secret from B.

A solution is for A to form an untraceable return address $K1(S1, Ax), Kx$ where $Ax$ is its own real address, $Kx$ is a public one-time key chosen for the current occasion only, and $S1$ is a key that will also act as a random string for purposes of sealing. Then, A can send this return address to B as part of a message sent by the techniques already described.

B sends $K1(S1, A), Kx (S0, response)$ to M, and M transforms it to $A, S1 (Kx (S0, response)$ .

This mix uses the string of bits $S1$ that it finds after decrypting the address part $K1(S1, A)$ as a key to re-encrypt the message part $Kx(S0, response)$ . Only the addressee, A, can decrypt the resulting output because A created both $S1$ and $Kx$ . The additional key $Kx$ assures that the mix cannot see the content of the reply-message.

The following indicates how B uses this untraceable return address to form a response to A, via a new kind of mix:

The message from A $\longrightarrow$ B:

$K1(R1, K_b(R,message, K1(S1, A), Kx ), B)\longrightarrow K_b(R, message, K1(S1, A), Kx )$

Reply message from B $\longrightarrow$ A:

$K1(S1, A) , Kx(S0, response)\longrightarrow A, S1(Kx(S0, response))$

Where: $K_b$ = B’s public key, $K1$ = the mix’s public key.

A destination can reply to a source without sacrificing source anonymity. The reply message shares all of the performance and security benefits with the anonymous messages from source to destination.

[edit] Goals

The purpose of a mix is to hide the correspondences between the items in its input and those in its output. (Note: if just one item is repeated in the input and allowed to be repeated in the output, then the correspondence is revealed for that item). By routing through numerous mixes in the network, determining who is talking to who is made even more difficult.

[edit] Further reading

Email Security, Bruce Schneier (ISBN 0-471-05318-X)
Computer Privacy Handbook, Andre Bacard (ISBN 1-56609-171-3)

[edit] References

Mix network

Contents

[edit] How it works

[edit] Message format

[edit] Return Addresses

[edit] Goals

[edit] Further reading

[edit] References

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Interaction

Toolbox

Print/export

Languages