Toward Round-Efficient Verifiable Re-Encryption Mix-Net

Abstract

Re-encryption mix-nets (RMNs) provide an efficient, cryptographic, anonymous channel for useful applications, such as e-voting and web browsing. Many studies have been devoted to achieving practically efficient RMN protocols, but less attention has been paid to addressing their round efficiency than to computation and communication measures. However, in many interactive cryptographic protocols, network latency governs the overall execution time. Because e-voting systems are particularly interaction intensive, the design of a round-efficient RMN protocol is of particular interest. We propose a constant-round RMN protocol in a three-party model that consists of senders, mix servers and some number of receivers. Here, the main role of the receivers is to jointly decrypt a list of ciphertexts obtained from the mixing stage. Such an explicit three-party model is most suitable for e-voting applications. We define an ideal three-party RMN in the universally composable (UC) framework. We then present a constant-round RMN protocol based on the standard assumptions and prove that it UC realizes the ideal three-party RMN with respect to a static adversary that can corrupt a minority of mix servers, disallowing receivers who collude with other players.We implement and evaluate our RMN protocol over various ranges of the numbers of senders and mix servers. Our evaluation shows that our protocol runs up to 2.5× faster than the Universal RMN protocol. In addition, we provide a detailed theoretical analysis of our protocol in terms of computation, transmission, and round efficiency.