Cryptology ePrint Archive: Report 2016/008

cMix: Mixing with Minimal Real-Time Asymmetric Cryptographic Operations

David Chaum and Debajyoti Das and Farid Javani and Aniket Kate and Anna Krasnova and Joeri de Ruiter and Alan T. Sherman

Abstract: We introduce cMix, a new approach to anonymous communications. Through a precomputation, the core cMix protocol eliminates all expensive realtime public-key operations --- at the senders, recipients and mixnodes --- thereby decreasing real-time cryptographic latency and lowering computational costs for clients. The core real-time phase performs only a few fast modular multiplications. In these times of surveillance and extensive profiling there is a great need for an anonymous communication system that resists global attackers.

One widely recognized solution to the challenge of traffic analysis is a mixnet, which anonymizes a batch of messages by sending the batch through a fixed cascade of mixnodes. Mixnets can offer excellent privacy guarantees, including unlinkability of sender and receiver, and resistance to many traffic-analysis attacks that undermine many other approaches including onion routing. Existing mixnet designs, however, suffer from high latency in part because of the need for real-time public-key operations. Precomputation greatly improves the real-time performance of cMix, while its fixed cascade of mixnodes yields the strong anonymity guarantees of mixnets. cMix is unique in not requiring any real-time public-key operations by users. Consequently, cMix is the first mixing suitable for low latency chat for lightweight devices.

Our presentation includes a specification of cMix, security arguments, anonymity analysis, and a performance comparison with selected other approaches. We also give benchmarks from our prototype.

Category / Keywords: Anonymous communications, mix networks, cMix, group-homomorphic encryption, PrivaTegrity

Date: received 5 Jan 2016, last revised 20 Mar 2018

Contact author: das48 at purdue edu

Available format(s): PDF | BibTeX Citation

Note: Revised version of previous manuscript.

Version: 20180321:042901 (All versions of this report)

Short URL: ia.cr/2016/008

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]