Paper 2023/1942

Traceable mixnets

Prashant Agrawal, Indian Institute of Technology Delhi, Ashoka University
Abhinav Nakarmi, University of Michigan–Ann Arbor
Mahabir Prasad Jhanwar, Ashoka University
Subodh Vishnu Sharma, Indian Institute of Technology Delhi
Subhashis Banerjee, Indian Institute of Technology Delhi, Ashoka University
Abstract

We introduce the notion of traceable mixnets. In a traditional mixnet, multiple mix-servers jointly permute and decrypt a list of ciphertexts to produce a list of plaintexts, along with a proof of correctness, such that the association between individual ciphertexts and plaintexts remains completely hidden. However, in many applications, the privacy-utility tradeoff requires answering some specific queries about this association, without revealing any information beyond the query result. We consider queries of the following types: a) given a ciphertext in the mixnet input list, whether it encrypts one of a given subset of plaintexts in the output list, and b) given a plaintext in the mixnet output list, whether it is a decryption of one of a given subset of ciphertexts in the input list. Traceable mixnets allow the mix-servers to jointly prove answers to the above queries to a querier such that neither the querier nor a threshold number of mix-servers learn any information beyond the query result. Further, if the querier is not corrupted, the corrupted mix-servers do not even learn the query result. We first comprehensively formalise these security properties of traceable mixnets and then propose a construction of traceable mixnets using novel distributed zero-knowledge proofs (ZKPs) of set membership and of a statement we call reverse set membership. Although set membership has been studied in the single-prover setting, the main challenge in our distributed setting lies in making sure that none of the mix-servers learn the association between ciphertexts and plaintexts during the proof. We implement our distributed ZKPs and show that they are faster than state-of-the-art by at least one order of magnitude.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. PETS (Privacy Enhancing Technologies Symposium) 2024
Keywords
verifiable mixnets, traceability, distributed zero-knowledge proofs, set membership, reverse set membership
Contact author(s)
prashant @ cse iitd ac in
nakarmi @ umich edu
mahavir jhawar @ ashoka edu in
svs @ cse iitd ac in
suban @ ashoka edu in
History
2023-12-25: revised
2023-12-21: received
Short URL
https://ia.cr/2023/1942
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1942,
      author = {Prashant Agrawal and Abhinav Nakarmi and Mahabir Prasad Jhanwar and Subodh Vishnu Sharma and Subhashis Banerjee},
      title = {Traceable mixnets},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1942},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1942}
}