Abstract
Abstract. A mix network is a cryptographic construction that enables a group of players to permute and re-encrypt a sequence of ciphertexts so as to hide the relationship between input and output ciphertexts. In this paper, we propose a mix network known as Millimix. In constrast to other proposed constructions, Millimix enjoys a very high level of computational efficiency on small input batches, that is, batches of several thousand items or smaller. Additionally, Millmix possesses the full set of properties typically sought, but generally unavailable in many other mix network constructions, including public verifiability, robustness against malicious coalitions of players, and strong privacy guarantees. Millimix therefore promises to serve as a useful and practical complement to existing mix network constructions.