Flaws in Robust Optimistic Mix-Nets and Stronger Security Notions(Protocol, <Special Section>Cryptography and Information Security)
スポンサーリンク
概要
- 論文の詳細を見る
Contribution of this paper is twofold : First we introduce weaknesses of two Mix-nets claimed to be robust in the literature. Since such flaws are due to their weak security definitions, we then present a stronger security definition by regarding a Mix-net as a batch decryption algorithm of a CCA secure public-key encryption scheme. We show two concrete attacks on the schemes proposed in [1] and [2]. The scheme in [1] loses anonymity in the presence of a malicious user even though all servers are honest. The scheme in [2] also loses anonymity through the collaboration of a malicious user and the first server. In the later case the user can identify the plaintext sent from the targeted user by invoking two mix sessions at the risk of the colluding server receiving an accusation. We also point out that in a certain case, anonymity is violated solely by the user without colluding to any server. Heuristic repairs are provided for both schemes.
- 社団法人電子情報通信学会の論文
- 2006-01-01
著者
-
Imai Hideki
Aist Tokyo Jpn
-
Abe Masayuki
Ntt Corp. Musashino‐shi Jpn
-
IMAI Hideki
Information and Systems, Institute of Industrial Science, The university of Tokyo
-
ABE Masayuki
NTT Information Sharing Platform Laboratories, NTT Corporation
-
Abe Masayuki
Ntt Information Sharing Platform Laboratories Ntt Corporation
-
Imai Hideki
National Inst. Of Advanced Industrial Sci. & Technol. (aist) Tokyo Jpn
-
Abe Masayuki
Ntt Information Sharing Platform Laboratories
-
Imai Hideki
Information & Systems Institute Of Industrial Science The University Of Tokyo
関連論文
- Traitor Tracing Scheme Secure against Adaptive Key Exposure and its Application to Anywhere TV Service(Discrete Mathematics and Its Applications)
- Smallest Size of Circulant Matrix for Regular (3, L) and (4, L) Quasi-Cyclic LDPC Codes with Girth 6
- New Security Architecture for Mobile IPv6 Networks
- Notes on Formal Methods Used for Verification of the Security Properties of Protocols Used in Wireless Environment
- A Leakage-Resilient Network Storage System
- Security Analysis of Password-based Protocols via FDR and AVISPA
- A Secure and Lightweight Authenticated Key Exchange Protocol for Wireless Networks
- Chosen Ciphertext Security with Optimal Ciphertext Overhead
- Flaws in Robust Optimistic Mix-Nets and Stronger Security Notions(Protocol, Cryptography and Information Security)
- Spectroscopic Studies of the Solar Corona I. Spatial Variations in Line Parameters of Green and Red Coronal Lines
- Daily Urinary Excretion of Bisphenol A
- Tag-KEM from Set Partial Domain One-Way Permutations
- Formal Security Treatments for IBE-to-Signature Transformation : Relations among Security Notions
- A Strongly Unforgeable Signature under the CDH Assumption without Collision Resistant Hash Functions
- Key-Insulated Public Key Encryption with Auxiliary Helper Key : Model, Constructions and Formal Security Proofs(Information Theory and Its Applications)
- Efficient Identity-Based Encryption with Tight Security Reduction(Information Theory and Its Applications)
- A New Key-Insulated Public Key Encryption Scheme with Auxiliary Helper Key
- Managing Encryption and Key Publication Independently in Digital Rights Management Systems (Applications) (Cryptography and Information Security)
- Practical Broadcast Encryption from Graph-Theoretic Techniques and Subset-Incremental-Chain Structure(Application,Cryptography and Information Security)
- On the Definitions of Anonymity for Ring Signatures
- Flexible-Routing Anonymous Networks Using Optimal Length of Ciphertext(Application)(Cryptography and Information Security)
- A Trade-off Traitor Tracing Scheme
- 1-out-of-n Signatures from a Variety of Keys (Asymmetric Cipher) (Cryptography and Information Security)
- Universally Composable and Statistically Secure Verifiable Secret Sharing Scheme Based on Pre-Distributed Data
- How to Break COT-Based Fingerprinting Schemes and Design New One(Cryptography and Information Security, Information Theory and Its Applications)
- M+1-st Price Auction Using Homomorphic Encryption(Special Section on Cryptography and Information Security)
- Lenient/Strict Batch Verification in Several Groups(Special Section on Cryptography and Information Security)
- Delegation Chains Secure up to Constant Length(Special Section on Cryptography and Information Security)
- Universally Verifiable Mix-Net with Verification Work Independent of the Number of Mix-Servers
- Homophonic Substitution with a Memory Source and its Application