Attack for Flash MIX [chapter]

Masashi Mitomo, Kaoru Kurosawa
2000 Lecture Notes in Computer Science  
A MIX net takes a list of ciphertexts (c1, · · · , cN ) and outputs a permuted list of the plaintexts (m1, · · · , mN ) without revealing the relationship between (c1, · · · , cN ) and (m1, · · · , mN ). This paper shows that the Jakobsson's flash MIX of PODC'99, which was believed to be the most efficient robust MIX net, is broken. The first MIX server can prevent computing the correct output with probability 1 in our attack. We also present a countermeasure for our attack.
doi:10.1007/3-540-44448-3_15 fatcat:gh2gr72kojbarn64rvsntspprq