Comparison of commitment schemes used in mix-mediated anonymous communication for preventing pool-mode attacks

Abstract

Mixes allow anonymous communication. They hide the communication relation between sender and recipient and, thereby, guarantee that messages are untraceable in an electronic communication network. Nonetheless, depending on the strength of the attacker, several known attacks on mixes still allow the tracing of messages through the network. We discuss a tricky (n-l)-attack by mixes in pool-mode, which is commonly used as mix configuration: Such an attacking mix is able to ’randomly’ delay messages in order to provide a stream of messages of its choosing to the next mix(es). If the attacking mix delays all hut one message, it can trace the message it is interested in. The special problem is that this attack is not detectable by the users as the behavior of the mix is completely legitimate. The chances of preventing such pool-mode attacks depend on how well the users can check the mixes in performing their tasks. We present two possible solutions of checking the mix’ functionality. They enable the detection of such attacks and, therefore, improve this situation. We suggest the usage of commitment schemes, which are applied to determine the random choices of mixes beforehand, and describe their protocols in detail. We compare the commitment scheme for decisions on single messages and the commitment scheme for decisions on hash values of messages.