Abstract: We analysed Gao et al.’s (t, N-2)-resilient Mix Net scheme and found some serious security flaws in their design. In order to break Mix Net’s privacy, an active attacker can construct a list of ciphertexts with some relativity by utilizing the malleability of the ElGamal encryption scheme, and then observe the corresponding relativity of plaintexts to get the relationship between input and output elements. The malicious servers from two different groups can initiate collusion attacks proposed by this paper to make the Mix Net system output wrong and cheat the verifying protocol with non-negligible probability of success. The result of analysis shows that Gao et al.’s scheme does not satisfy (t, N-2)-resilience and that the electronic voting application based on their Mix Net is also insecure.

Key words: anonymous communication, Mix Net, collusion attacks