DOCSLIB.ORG

University of Nevada, Reno Anonymous Communication Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

University of Nevada, Reno Anonymous Communication Systems: Usage Analysis and Attack Mechanisms A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Computer Science by Esra Erdin Dr. Mehmet Hadi Gunes/Thesis Advisor May, 2012 THE GRADUATE SCHOOL We recommend that the thesis prepared under our supervision by ESRA ERDIN entitled Anonymous Communication Systems: Usage Analysis And Attack Mechanisms be accepted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Mehmet Hadi Gunes, Ph. D., Advisor George Bebis, Ph. D., Committee Member Murat Yuksel, Ph. D., Committee Member Cahit Evrensel, Ph. D., Graduate School Representative Marsha H. Read, Ph. D., Dean, Graduate School May, 2012 i Abstract Privacy in communication has been an essential security requirement with the rapid growth of Internet. This has resulted in growing interest in methods for anonymous communication. Several system designs have been developed with the common aim of preserving communication privacy within the shared network environment. In this study, the structure of these systems is explained and an analysis of current anonymity technologies; proxy servers, remailers, JAP, Tor and I2P, is presented. Because Tor is the largest anonymity system currently in use, a detailed analysis is also presented. Moreover, growing interest in anonymity systems resulted in several de-anonymization techniques developed to exploit these anonymous communication systems. These techniques are also explained to better understand the security threats of anonymous communication. ii Acknowledgments I would like to express my deepest gratitude to my advisor Dr. Mehmet Hadi Gunes for his guidance, understanding and patience he showed during this study. I also would like to thank to my colleagues BingDong Li and Christopher Zachor for their effort and help to put together this project. Finally, I could never have been able to finish this thesis without the endless support and love of my family. With all my sincerity, I would like to thank to my family. This work was supported in part by National Institute of Justice with grant number 2010-DN-BX-K248. Esra Erdin University of Nevada, Reno May 2012 iii Contents Abstract i Acknowledgments ii List of Figures v Chapter 1 Introduction 1 Chapter2 AnonymizationTechnologyUsage 6 2.1 ProxyServer................................ 6 2.2 Remailer.................................. 8 2.3 MixNetwork ............................... 11 2.4 OnionRouting .............................. 13 2.4.1 TheOnionRouting........................ 14 2.4.2 InvisibleInternetProject. 21 Chapter 3 Tor Usage Analysis 24 3.1 RelatedWork ............................... 24 3.2 TorMeasurementStudy ......................... 25 Chapter 4 Application Perspective 30 iv Chapter 5 Deanonymization 33 5.1 Clickjacking ................................ 33 5.2 CodeInjection............................... 36 5.3 WebsiteFingerprinting . 36 5.4 ActiveDocuments............................. 37 5.4.1 PdfDocuments .......................... 37 5.4.2 MacroWordAttacks . 38 5.5 URIMethods ............................... 40 5.6 Network-LevelAttacks . 42 5.6.1 TimingAttack .......................... 42 5.6.2 PredecessorAttack . 43 5.6.3 IntersectionAttack . 43 5.6.4 MultiplicationAttack. 43 5.6.5 CircuitClogging ......................... 44 Chapter6 ConclusionsandFutureWork 45 Bibliography 47 v List of Figures 2.1 ProxyServer................................ 7 2.2 Geographic Proxy Distribution (log-scale) . ..... 9 2.3 Geographic Proxy Distribution (cont.) (log-scale) . ........ 10 2.4 Remailer Geo-Distribution (log-scale) . ..... 11 2.5 AMixProcess............................... 12 2.6 JAPGeo-Distribution(logscale) . 13 2.7 TheOnionRouter(Tor)communication . 15 2.8 Geographic Tor Server Distribution (log-scale) . ....... 17 2.9 Geographic Tor Server Distribution (cont.) (log-scale)......... 18 2.10 Geographic Tor Bandwidth Conribution (log-scale) . ....... 19 2.11 Geographic Tor Bandwidth Conribution (cont.) (log-scale) ...... 20 2.12 Geographic I2P Server Distribution (log-scale) . ........ 22 2.13 Geographic I2PBandwidth Contribution (log-scale) . ........ 23 3.1 TorUsage(log-scale) ........................... 27 3.2 GeographicTORServerDistribution . 28 3.3 GeographicTORUserDistribution . 28 3.4 Client Version Distribution (log-scale) . ...... 29 vi 4.1 CombinedSpamData .......................... 32 5.1 A link on the website that provides clickjacking . ..... 34 5.2 JavaScriptCode.............................. 35 5.3 FacebookLikepage............................ 36 5.4 CreatingButtoninPdfFile . 38 5.5 FeaturesofButtonField . 39 5.6 EmbeddedVideoFile........................... 40 5.7 FeaturesofEmbeddingOperation . 41 1 Chapter 1 Introduction Privacy in communication has been an essential security requirement with the rapid growth of the Internet. Each time when we visit a website or send an email, our client sends packets of data through the Internet that contain essential information like who is sending the message and who is the receiver of the packet. Although the data transmitting via several hops from source to the destination may be encrypted, IP header is still visible to an observer. Adversaries can access significant information about the traffic carried between the sender and the receiver of the data. By observing communication through a link, third parties can easily identify who is communicating with whom based on source and destination IP addresses. The term anonymizer refers to varios tools that help the users to keep their activities private. Many situations like freedom of speech, anticensorship issues caused a growing interest in anonymous communication through the Internet. There are different situations in which someone wants to communicate anonymously on the Internet. Some organizations such as governments, military services may want some topics to remain secret as they are so critical and significant and their exposure may 2 be inconvenient or harmful to an investigation. Law enforcement agencies may want to design online forms that people can provide hint or other information they may have without the fear of retribution or punishment. Even private citizens may want to browse the Web without advertisers collecting statistics on their personal browsing habits. There are also people living under oppressive regimes that try to limit the rights of their citizens especially on the Internet [17]. Citizens of oppressive countries can express their thoughts, ideas through anonymizer networks. Because of all the situations mentioned above, researchers design anonymity systems that build an overlay network running on top of the Internet. By using anonymizer systems, a user can communicate with another one without revealing their identities like IP addresses and location. Since milestone research on anonymous communications Chaum [12], research on these systems has extended to many areas. Anonymous communication, traf- fic analysis, provable shuffles, anonymous emails, anonymous publications, private information retrieval, taxonomy, security and improvement, communication censor- ship, and anonymous voting are some of the areas that researchers have focused on [3,14,17,27]. Several anonymity services are provided by either commercial com- panies or open source developers. Anonymizer.com is one of the commercial websites that requires its users to pay a subscription fee to keep their identity private while browsing web via Anonymizer.com servers. Moreover, Tor Onion Router (TOR) [16] and Invisible Internet Project (I2P) [4] are open source systems which are hosted by volunteers. A communication network is composed of messages, senders, that send mes- sages, and recipients, that receive messages. Sender and recipient can be any client, server or peer in a communication network. These subjects exchange messages via 3 public communication channels. There is also a possibility to be an attacker who may be interested in monitoring the traffic transmitted between sender and recipient. The attacker can be outside of the communication network, or inside of the communica- tion network. In order to better understand anonymous communication systems, it is essential to understand the terms anonymity, unlinkability, and unobservability. Anonymity: In their proposal Pfitzman and Hansen describe anonymity as ¨the state of being not identifiable within a set of subjects, the anonymity set” [37]. All subjects that can cause an action constitute the anonymity set. In other words, a message can possibly be sent by any of the senders who belong to his/her sender anonymity set and, similarly, a message can be received by any recipient who might be anonymous within a set of recipient anonymity set. Here, we can consider a subject as a client, server or peer in a network. All subjects might have their own anonymity sets. Unlinkability: A subject of the system can make multiple uses of a resource without an adversar being able to link to these uses to the particular subject [41]. In other words, an adversary observing the senders and recipients of a network is unable to identify the communicating parties and the ability of understanding the communication between joined parties does not increase by observing the network. The relation between anonymity and unlinkability is that anonymity of an item in a system is not linkable to any particular identity and the anonymity of a particular identity is not linkable to any item [41]. More clearly, any particular
Recommended publications
  • Poster: Introducing Massbrowser: a Censorship Circumvention System Run by the Masses

    Poster: Introducing Massbrowser: a Censorship Circumvention System Run by the Masses

    Poster: Introducing MassBrowser: A Censorship Circumvention System Run by the Masses Milad Nasr∗, Anonymous∗, and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] ∗Equal contribution Abstract—We will present a new censorship circumvention sys- side the censorship regions, which relay the Internet traffic tem, currently being developed in our group. The new system of the censored users. This includes systems like Tor, VPNs, is called MassBrowser, and combines several techniques from Psiphon, etc. Unfortunately, such circumvention systems are state-of-the-art censorship studies to design a hard-to-block, easily blocked by the censors by enumerating their limited practical censorship circumvention system. MassBrowser is a set of proxy server IP addresses [14]. (2) Costly to operate: one-hop proxy system where the proxies are volunteer Internet To resist proxy blocking by the censors, recent circumven- users in the free world. The power of MassBrowser comes from tion systems have started to deploy the proxies on shared-IP the large number of volunteer proxies who frequently change platforms such as CDNs, App Engines, and Cloud Storage, their IP addresses as the volunteer users move to different a technique broadly referred to as domain fronting [3]. networks. To get a large number of volunteer proxies, we This mechanism, however, is prohibitively expensive [11] provide the volunteers the control over how their computers to operate for large scales of users. (3) Poor QoS: Proxy- are used by the censored users. Particularly, the volunteer based circumvention systems like Tor and it’s variants suffer users can decide what websites they will proxy for censored from low quality of service (e.g., high latencies and low users, and how much bandwidth they will allocate.
  • In Computer Networks, A

    In Computer Networks, A

    Practical No.1 Date:- Title:- Installation of Proxy-Server Windows Server 2003 What is proxy server? In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request wit hout contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly . Most proxies are a web proxy, allowing access to content on the World Wide Web. A proxy server has a large variety of potential purposes, including: To keep machines behind it anonymous (mainly for security).[1] To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.[2] To apply access policy to network services or content, e.g. to block undesired sites. To log / audit usage, i.e. to provide company employee Internet usage reporting. To bypass security/ parental controls. To scan transmitted content for malware before delivery.
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
  • How to Download Torrent Anonymously How to Download Torrent Anonymously

    How to Download Torrent Anonymously How to Download Torrent Anonymously

    how to download torrent anonymously How to download torrent anonymously. Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices. Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the Chrome Web Store. Cloudflare Ray ID: 66b6c3aaaba884c8 • Your IP : 188.246.226.140 • Performance & security by Cloudflare. Download Torrents Anonymously: 6 Safe And Easy Ways. Who doesn’t want to know how to download torrents anonymously? The thing is, in order to download torrents anonymously you don’t need to have a lot of technical know-how. All you need to download torrents anonymously is some grit and a computer with an internet connection. The technology world never remains the same. In fact, new development and discoveries come to the surface of this industry every day. They also come into the attention of online users every year. Moreover, this allows us to do much more than we could do in the past, in faster and easier ways. A highly relevant aspect to mention at this stage is that: Now we can also download torrents anonymously from best torrent sites.
  • World-Wide Web Proxies

    World-Wide Web Proxies

    World-Wide Web Proxies Ari Luotonen, CERN Kevin Altis, Intel April 1994 Abstract 1.0 Introduction A WWW proxy server, proxy for short, provides access to The primary use of proxies is to allow access to the Web the Web for people on closed subnets who can only access from within a firewall (Fig. 1). A proxy is a special HTTP the Internet through a firewall machine. The hypertext [HTTP] server that typically runs on a firewall machine. server developed at CERN, cern_httpd, is capable of run- The proxy waits for a request from inside the firewall, for- ning as a proxy, providing seamless external access to wards the request to the remote server outside the firewall, HTTP, Gopher, WAIS and FTP. reads the response and then sends it back to the client. cern_httpd has had gateway features for a long time, but In the usual case, the same proxy is used by all the clients only this spring they were extended to support all the within a given subnet. This makes it possible for the proxy methods in the HTTP protocol used by WWW clients. Cli- to do efficient caching of documents that are requested by ents don’t lose any functionality by going through a proxy, a number of clients. except special processing they may have done for non- native Web protocols such as Gopher and FTP. The ability to cache documents also makes proxies attrac- tive to those not inside a firewall. Setting up a proxy server A brand new feature is caching performed by the proxy, is easy, and the most popular Web client programs already resulting in shorter response times after the first document have proxy support built in.
  • Mixminion: Design of a Type III Anonymous Remailer Protocol

    Mixminion: Design of a Type III Anonymous Remailer Protocol

    Mixminion: Design of a Type III Anonymous Remailer Protocol G. Danezis, R. Dingledine, N. Mathewson IEEE S&P 2003 Presented by B. Choi in cs6461 Computer Science Michigan Tech Motivation ● Anonymous email only – High latency vs. near real-time (onion routing) ● Anonymous email implementations – Type 1: Cypherpunk (80’s) ● vulnerable to replay attacks – Type 2: Mixmaster(92) ● message padding and pooling – Type 3: Mixminion (2003) ● Anonymous Replies! Reply block? ● Most or many systems support sender anonymity ● Pynchon Gate supports receiver anonymity in an interesting way (P2P file sharing: 2005) – Send everything to everywhere (everyone) ● Is receiver anonymity too hard to achieve? – First of all, receiver has to use pseudonyms ● Pseudonym policy: how many, valid period, ... Reply blocks ● Chaum(‘81), BABEL (‘96), Mixmaster (92) .. – Entire path is chosen by the sender ● Variations are possible ● BABEL RPI is invisible to passive external attackers ● BABEL RPI is visible to internal passive attackers (mix) – Can be used multiple times? ● Good for communication efficiency ● Bad for anonymity due to potential path information leaking ● Adversary could utilize the pattern of the same reply block Fundamental solution to the reply block problem? ● One way is to use single-use reply blocks (SURB) ● Reply messages are indistinguishable from forward messages even to mix nodes ● Effect: both reply and forward messages share the same anonymity set ● SURB ● How to design SURB? – Sender generates SURB – To defeat replay, each intermediate node
  • The Design, Implementation and Operation of an Email Pseudonym Server

    The Design, Implementation and Operation of an Email Pseudonym Server

    The Design, Implementation and Operation of an Email Pseudonym Server David Mazieres` and M. Frans Kaashoek MIT Laboratory for Computer Science 545 Technology Square, Cambridge MA 02139 Abstract Attacks on servers that provide anonymity generally fall into two categories: attempts to expose anonymous users and attempts to silence them. Much existing work concentrates on withstanding the former, but the threat of the latter is equally real. One particularly effective attack against anonymous servers is to abuse them and stir up enough trouble that they must shut down. This paper describes the design, implementation, and operation of nym.alias.net, a server providing untraceable email aliases. We enumerate many kinds of abuse the system has weath- ered during two years of operation, and explain the measures we enacted in response. From our experiences, we distill several principles by which one can protect anonymous servers from similar attacks. 1 Introduction Anonymous on-line speech serves many purposes ranging from fighting oppressive government censorship to giving university professors feedback on teaching. Of course, the availability of anonymous speech also leads to many forms of abuse, including harassment, mail bombing and even bulk emailing. Servers providing anonymity are particularly vulnerable to flooding and denial-of-service attacks. Concerns for the privacy of legitimate users make it impractical to keep usage logs. Even with logs, the very design of an anonymous service generally makes it difficult to track down attackers. Worse yet, attempts to block problematic messages with manually-tuned filters can easily evolve into censorship—people unhappy with anonymous users will purposefully abuse a server if by doing so they can get legitimate messages filtered.
  • Privacy-Enhancing Technologies for the Internet

    Privacy-Enhancing Technologies for the Internet

    Privacy-enhancing technologies for the Internet Ian Goldberg David Wagner Eric Brewer University of California, Berkeley iang,daw,brewer ¡ @cs.berkeley.edu Abstract ing privacy issues on the Internet, and Section 3 provides some relevant background. We then discuss Internet pri- The increased use of the Internet for everyday activi- vacy technology chronologically, in three parts: Section 4 ties is bringing new threats to personal privacy. This pa- describes the technology of yesterday, Section 5 explains per gives an overview of existing and potential privacy- today’s technology, and Section 6 explores the technology enhancing technologies for the Internet, as well as moti- of tomorrow. Finally, we conclude in Section 7. vation and challenges for future work in this field. 2. Motivation 1. Introduction The threats to one’s privacy on the Internet are two-fold: your online actions could be (1) monitored by unauthorized Recently the Internet has seen tremendous growth, with parties and (2) logged and preserved for future access many the ranks of new users swelling at ever-increasing rates. years later. You might not realize that your personal infor- This expansion has catapulted it from the realm of academic mation has been monitored, logged, and subsequently dis- research towards new-found mainstream acceptance and in- closed; those who would compromise your privacy have no creased social relevance for the everyday individual. Yet incentive to warn you. this suddenly increased reliance on the Internet has the po- The threat of long-term storage and eventual disclosure tential to erode personal privacies we once took for granted. of personal information is especially acute on the Internet.
  • A Concept of an Anonymous Direct P2P Distribution Overlay System

    A Concept of an Anonymous Direct P2P Distribution Overlay System

    22nd International Conference on Advanced Information Networking and Applications A Concept of an Anonymous Direct P2P Distribution Overlay System Igor Margasiński, Michał Pióro Institute of Telecommunications, Warsaw University of Technology {I.Margasinski, M.Pioro}@tele.pw.edu.pl Abstract an anonymous network composed of nodes called Mixes that forward anonymous messages. The strength The paper introduces a peer-to-peer system called of the solution consists in: (i) a specific operation of P2PRIV (peer-to-peer direct and anonymous nodes which “mixes” forwarded messages, and (ii) an distribution overlay). Basic novel features of P2PRIV asymmetric encryption of messages exchanged are: (i) a peer-to-peer parallel content exchange between them. The purpose of such mixing is to hide architecture, and (ii) separation of the anonymization the correlation between received and forwarded process from the transport function. These features messages. In general, received data units are padded to allow a considerable saving of service time while a constant size length, encrypted, delayed for a batch preserving high degree of anonymity. In the paper we aggregation and then sent (flushed) in a random order. evaluate anonymity measures of P2PRIV (using a Anonymous messages are sent usually via a chain of normalized entropy measurement model) as well as its Mixes to eliminate presence of a trusted party and also traffic measures (including service time and network to omit single point of failure imposed by a single Mix. dynamics), and compare anonymity and traffic In Mix-net, each message is encrypted recursively with performance of P2PRIV with a well known system public keys of Mixes from a forwarding path.
  • Social Network Based Anonymous Communication in Tor Peng Zhou, Xiapu Luo, Ang Chen, and Rocky K

    Social Network Based Anonymous Communication in Tor Peng Zhou, Xiapu Luo, Ang Chen, and Rocky K

    1 STor: Social Network based Anonymous Communication in Tor Peng Zhou, Xiapu Luo, Ang Chen, and Rocky K. C. Chang Department of Computing, The Hong Kong Polytechnic University, Hunghom, Hong Kong cspzhouroc,csxluo,csachen,csrchang @comp.polyu.edu.hk f g Abstract—Anonymity networks hide user identities with the help of relayed anonymity routers. However, the state-of-the-art anonymity networks do not provide an effective trust model. As a result, users cannot circumvent malicious or vulnerable routers, thus making them susceptible to malicious router based attacks (e.g., correlation attacks). In this paper, we propose a novel social network based trust model to help anonymity networks circumvent malicious routers and obtain secure anonymity. In particular, we design an input independent fuzzy model to determine trust relationships between friends based on qualitative and quantitative social attributes, both of which can be readily obtained from existing social networks. Moreover, we design an algorithm for propagating trust over an anonymity network. We integrate these two elements in STor, a novel social network based Tor. We have implemented STor by modifying the Tor’s source code and conducted experiments on PlanetLab to evaluate the effectiveness of STor. Both simulation and PlanetLab experiment results have demonstrated that STor can achieve secure anonymity by establishing trust-based circuits in a distributed way. Although the design of STor is based on Tor network, the social network based trust model can be adopted by other anonymity networks. Index Terms—Social Network, Anonymous Communication, Tor, Fuzzy Model F 1 INTRODUCTION alone can be easily bypassed by an attacker.
  • Technical and Legal Overview of the Tor Anonymity Network

    Technical and Legal Overview of the Tor Anonymity Network

    Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula Technical and Legal Overview of the Tor Anonymity Network Tallinn 2015 This publication is a product of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre). It does not necessarily reflect the policy or the opinion of the Centre or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication. Digital or hard copies of this publication may be produced for internal use within NATO and for personal or educational use when for non- profit and non-commercial purpose, provided that copies bear a full citation. www.ccdcoe.org [email protected] 1 Technical and Legal Overview of the Tor Anonymity Network 1. Introduction .................................................................................................................................... 3 2. Tor and Internet Filtering Circumvention ....................................................................................... 4 2.1. Technical Methods .................................................................................................................. 4 2.1.1. Proxy ................................................................................................................................ 4 2.1.2. Tunnelling/Virtual Private Networks ............................................................................... 5
  • El Gamal Mix-Nets and Implementation of a Verifier

    El Gamal Mix-Nets and Implementation of a Verifier

    KTH Royal Institute of Technology School of Computer Science and Communication El Gamal Mix-Nets and Implementation of a Verifier SA104X Degree Project in Engineering Physics Erik Larsson ([email protected]) Carl Svensson ([email protected]) Supervisor: Douglas Wikstr¨om Abstract A mix-net is a cryptographic protocol based on public key cryptography which enables untraceable communication through a collection of nodes. One important application is electronic voting where it enables the construction of systems which satisfies many voting security requirements, including veri- fiability of correct execution. Verificatum is an implementation of a mix-net by Douglas Wikstr¨om. This report concerns the implementation of a verifier and evaluation of the implementation manual for the Verificatum mix-net. The purpose of the document is to enable third parties to convince themselves that the mix- net has behaved correctly without revealing any secret information. This implementation is a simple version of the verifier using the document and some test vectors generated by the mix-net. The document contains all information but there are still some possibilities for further clarification in order to make it comprehensible to a larger audience. Contents 1 Introduction 2 1.1 Verificatum . 2 1.2 Goals and Scope . 3 2 Background 3 2.1 El Gamal Cryptography . 3 2.1.1 Definition . 4 2.1.2 Security . 4 2.1.3 Properties . 5 2.2 Cryptographic Primitives . 6 2.2.1 Hash functions . 6 2.2.2 Pseudo Random Generators . 6 2.2.3 Random Oracles . 7 2.3 Mix Networks . 7 2.3.1 Overview . 7 2.3.2 El Gamal Mix-Nets .