Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes

  • Conference paper
Topics in Cryptology — CT-RSA 2003 (CT-RSA 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2612)

Abstract

Mix chains as proposed by Chaum allow sending untraceable electronic e-mail without requiring trust in a single authority: messages are recursively public-key encrypted to multiple intermediates (mixes), each of which forwards the message after removing one layer of encryption. To conceal as much information as possible when using variable (source routed) chains, all messages passed to mixes should be of the same length; thus, message length should not decrease when a mix transforms an input message into the corresponding output message directed at the next mix in the chain. Chaum described an implementation for such length-preserving mixes, but it is not secure against active attacks. We show how to build practical cryptographically secure length-preserving mixes. The conventional definition of security against chosen ciphertext attacks is not applicable to length-preserving mixes; we give an appropriate definition and show that our construction achieves provable security.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Möller, B. (2003). Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_17

  • DOI: https://doi.org/10.1007/3-540-36563-X_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00847-7

  • Online ISBN: 978-3-540-36563-1

  • eBook Packages: Springer Book Archive
