Paper 2023/1942
Traceable mixnets
Abstract
We introduce the notion of traceable mixnets. In a traditional mixnet, multiple mix-servers jointly permute and decrypt a list of ciphertexts to produce a list of plaintexts, along with a proof of correctness, such that the association between individual ciphertexts and plaintexts remains completely hidden. However, in many applications, the privacy-utility tradeoff requires answering some specific queries about this association, without revealing any information beyond the query result. We consider queries of the following types: a) given a ciphertext in the mixnet input list, whether it encrypts one of a given subset of plaintexts in the output list, and b) given a plaintext in the mixnet output list, whether it is a decryption of one of a given subset of ciphertexts in the input list. Traceable mixnets allow the mix-servers to jointly prove answers to the above queries to a querier such that neither the querier nor a threshold number of mix-servers learn any information beyond the query result. Further, if the querier is not corrupted, the corrupted mix-servers do not even learn the query result. We first comprehensively formalise these security properties of traceable mixnets and then propose a construction of traceable mixnets using novel distributed zero-knowledge proofs (ZKPs) of set membership and of a statement we call reverse set membership. Although set membership has been studied in the single-prover setting, the main challenge in our distributed setting lies in making sure that none of the mix-servers learn the association between ciphertexts and plaintexts during the proof. We implement our distributed ZKPs and show that they are faster than state-of-the-art by at least one order of magnitude.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. PETS (Privacy Enhancing Technologies Symposium) 2024
- Keywords
- verifiable mixnets, traceability, distributed zero-knowledge proofs, set membership, reverse set membership
- Contact author(s)
- prashant @ cse iitd ac in
- nakarmi @ umich edu
- mahavir jhawar @ ashoka edu in
- svs @ cse iitd ac in
- suban @ ashoka edu in
- History
- 2023-12-25: revised
- 2023-12-21: received
- Short URL
- https://ia.cr/2023/1942
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/1942,
  author = {Prashant Agrawal and Abhinav Nakarmi and Mahabir Prasad Jhanwar and Subodh Vishnu Sharma and Subhashis Banerjee},
  title = {Traceable mixnets},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1942},
  year = {2023},
  url = {https://eprint.iacr.org/2023/1942}
}