### Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes

Bodo Möller

##### Abstract

Mix chains as proposed by Chaum allow sending untraceable electronic e-mail without requiring trust in a single authority: messages are recursively public-key encrypted to multiple intermediates (mixes), each of which forwards the message after removing one layer of encryption. To conceal as much information as possible when using variable (source routed) chains, all messages passed to mixes should be of the same length; thus, message length should not decrease when a mix transforms an input message into the corresponding output message directed at the next mix in the chain. Chaum described an implementation for such length-preserving mixes, but it is not secure against active attacks. We show how to build practical cryptographically secure length-preserving mixes. The conventional definition of security against chosen ciphertext attacks is not applicable to length-preserving mixes; we give an appropriate definition and show that our construction achieves provable security.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. CT-RSA 2003
Keywords
cryptographic remailerschosen ciphertext attack security
Contact author(s)
moeller @ cdc informatik tu-darmstadt de
History
2002-11-18: last of 2 revisions
See all versions
Short URL
https://ia.cr/2002/119

CC BY

BibTeX

@misc{cryptoeprint:2002/119,
author = {Bodo Möller},
title = {Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes},
howpublished = {Cryptology ePrint Archive, Paper 2002/119},
year = {2002},
note = {\url{https://eprint.iacr.org/2002/119}},
url = {https://eprint.iacr.org/2002/119}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.