How Secure Are The Main Real-World Mix Networks — Case Studies To Explore Vulnerabilities And Usability

Abstract

Mix net is the most frequently used secure MPC (multi-party computation) application in the real world, where multiple routers cooperates to anonymise a batch of data. It builds an important network security mechanism to implement anonymous communication and has a wide range of applications like AI training and online services. So far, security of mix nets is only analysed in theoretic cryptographic models, and their security in real-world systems has not drawn enough attention from researchers. In this paper, several popular commercial mix net services are surveyed and they have a common strategy: developing an academic shuffling scheme into a real-world mix net system and assuming that its theoretic security properties can guarantee robustness of the systems in practical usages. Our analysis illustrates that the straightforward assumption is not reliable and a mix net has to face various challenges and attackers beyond their academic prototypes estimate. Especially, we show that in practice some users of a mix net may collude with the service providers to compromise reliability of the mix net, which is a realistic environment factor usually ignored in cryptographic protocol design. So, the anonymous communication services based on mix net in practical usage are not so reliable as widely believed and their applications in network security have non-negligible vulnerabilities or risks.