Fragile mixing
No matter how well designed and engineered, a mix server offers little protection if its administrator can be convinced to log and selectively disclose correspondences between its input and output messages, either for profit or to cooperate with an investigation. In this paper we propose a technique, fragile mixing, to discourage an administrator from revealing such correspondences, assuming he is motivated to protect the unlinkability of other communications that flow through the mix (e.g., his own). Briefly, fragile mixing implements the property that any disclosure of an input-message-to-output-message correspondence discloses all such correspondences for that batch of output messages. We detail this technique in the context of a re-encryption mix, its integration with a mix network, and incentive and efficiency issues. Copyright 2004 ACM.
