Mixes allow anonymous communication. They hide the communication relation between sender and recipient and, thereby, guarantee
that messages are untraceable in an electronic communication network. Nonetheless, depending on the strength of the attacker,
several known attacks on mixes still allow the tracing of messages through the network.
We discuss a tricky (n–1)-attack by mixes in pool-mode, which is commonly used as mix configuration: Such an attacking mix is able to ‘randomly’
delay messages in order to provide a stream of messages of its choosing to the next mix(es). If the attacking mix delays all
but one message, it can trace the message it is interested in. The special problem is that this attack is not detectable by
the users as the behavior of the mix is completely legitimate. The chances of preventing such pool-mode attacks depend on
how well the users can check the mixes in performing their tasks.
We present two possible solutions of checking the mix' functionality. They enable the detection of such attacks and, therefore,
improve this situation. We suggest the usage of commitment schemes, which are applied to determine the random choices of mixes
beforehand, and describe their protocols in detail. We compare the commitment scheme for decisions on single messages and
the commitment scheme for decisions on hash values of messages.
Parts of this work were supported by the German Science Foundation (DFG), the Gottlieb Daimler- and Karl Benz-Foundation and
the German Ministry of Education, Science, Research and Technology (BMBF).