Paper 2017/544

Securing Abe's Mix-net Against Malicious Verifiers via Witness Indistinguishability

Elette Boyle, Saleet Klein, Alon Rosen, and Gil Segev


We show that the simple and appealing unconditionally sound mix-net due to Abe (Asiacrypt'99) can be augmented to further guarantee anonymity against malicious verifiers. This additional guarantee implies, in particular, that when applying the Fiat-Shamir transform to the mix-net's underlying sub-protocols, anonymity is provably guaranteed for {\em any} hash function. As our main contribution, we demonstrate how anonymity can be attained, even if most sub-protocols of a mix-net are merely witness indistinguishable (WI). We instantiate our framework with two variants of Abe's mix-net. In the first variant, ElGamal ciphertexts are replaced by an alternative, yet equally efficient, "lossy" encryption scheme. In the second variant, new "dummy" vote ciphertexts are injected prior to the mixing process, and then removed. Our techniques center on new methods to introduce additional witnesses to the sub-protocols within the proof of security. This, in turn, enables us to leverage the WI guarantees against malicious verifiers. In our first instantiation, these witnesses follow somewhat naturally from the lossiness of the encryption scheme, whereas in our second instantiation they follow from leveraging combinatorial properties of the Benes-network. These approaches may be of independent interest. Finally, we demonstrate cases in Abe's original mix-net (without modification) where only one witness exists, such that if the WI proof leaks information on the (single) witness in these cases, then the system will not be anonymous against malicious verifiers.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
mix-netswitness indistinguishabilityBenes network
Contact author(s)
saleet @ mit edu
2018-03-01: revised
2017-06-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Elette Boyle and Saleet Klein and Alon Rosen and Gil Segev},
      title = {Securing Abe's Mix-net Against Malicious Verifiers via Witness Indistinguishability},
      howpublished = {Cryptology ePrint Archive, Paper 2017/544},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.