REVIEW 2 major objections 1 minor 24 references
Reviewed by Pith at T0; open to challenge.
T0 means a machine referee read the full paper against a public rubric. The mark states how deep the mechanical check went, never who wrote it. the ladder, T0–T4 →
T0 review · grok-4.3
TrustMix provides anonymity in mobile ad hoc networks by shuffling messages within groups of locally trusted parties without a central authority.
2026-06-26 17:16 UTC pith:N63252BH
load-bearing objection TrustMix gives a concrete group-shuffle design for MANET anonymity without central parties or topology knowledge, but the mobility and loss issues are not shown to be handled. the 2 major comments →
TrustMix: How to Mix Messages in a Mobile Ad-hoc Network
The pith
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
TrustMix allows parties to form groups and forward messages through multiple such groups for anonymity. A user forwards a message to a nearby trusted party's group, where the group shuffles messages so that the incoming and outgoing messages cannot be linked. Anonymity is preserved as long as not all parties in the group are adversarial. Rate limits are enforced using linkable ring signatures that detect excessive sending without revealing who is sending. The security is proven in the random oracle model.
What carries the argument
The group-based message shuffling, where messages are mixed by all parties in a group before forwarding to other groups.
Load-bearing premise
A user can reliably locate at least one nearby party they subjectively consider trusted, and the group shuffling prevents linking even with mobility and packet loss.
What would settle it
An experiment demonstrating that messages can be linked by an adversary who controls only some members of a group, or a scenario where no trusted party is available within communication range.
If this is right
- Users need only one locally trusted contact to participate.
- Adversaries must compromise entire groups to de-anonymize messages.
- Rate limits can be maintained without exposing user identities.
- The system works on standard mobile devices with acceptable performance.
Where Pith is reading between the lines
- Similar group shuffling could apply to other decentralized communication systems.
- Real-world deployment would require robust ways to discover and select trusted parties.
- Further tests could examine performance under high mobility or with more devices.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper proposes TrustMix, a mix protocol for mobile ad-hoc networks (MANETs) without a central trusted party. Parties form groups; messages are forwarded through multiple groups where group members collectively shuffle them to provide unlinkability. A user needs only one nearby party they subjectively trust; anonymity is preserved unless the entire group is adversarial. Rate limiting is enforced via linkable ring signatures that detect excess messages without revealing identities. Security is claimed to be proven in the random oracle model. Anonymity is evaluated in an existing mix-network simulator (showing improvement), and a proof-of-concept Android implementation on 5 devices reports acceptable throughput.
Significance. If the central claims hold, the work is significant because it extends mix-network techniques to infrastructure-less MANETs, a setting where prior solutions require topology knowledge or trusted infrastructure. The group-shuffling approach and use of linkable ring signatures for decentralized rate limiting are technically interesting. Explicit strengths include the stated ROM security proof, use of an existing simulator for quantitative anonymity evaluation, and a real Android implementation demonstrating feasibility.
major comments (2)
- [Abstract / Security Proof] Abstract and security analysis: the unlinkability claim (anonymity holds unless the entire group is adversarial) is load-bearing for the central contribution, yet the ROM proof is stated without any indication that the model incorporates MANET channel dynamics (mobility-induced topology changes, packet loss, or dynamic group membership). This leaves open whether timing, path, or loss patterns can link messages even with honest group members.
- [Evaluation] Evaluation section: the simulator results are reported to show improved anonymity, but the description gives no evidence that the simulator was extended with MANET mobility models or lossy links; without this, the results do not directly support the claim that group shuffling works under the conditions stated in the weakest assumption.
minor comments (1)
- [Abstract] The abstract states that 'an existing mix-network simulator' is used but does not name the simulator or provide parameter settings; adding this would improve reproducibility.
Simulated Author's Rebuttal
We appreciate the referee's comments on the security model and evaluation. We address each point below and will make revisions to improve clarity on the assumptions in the security proof and the scope of the simulator evaluation.
read point-by-point responses
-
Referee: [Abstract / Security Proof] Abstract and security analysis: the unlinkability claim (anonymity holds unless the entire group is adversarial) is load-bearing for the central contribution, yet the ROM proof is stated without any indication that the model incorporates MANET channel dynamics (mobility-induced topology changes, packet loss, or dynamic group membership). This leaves open whether timing, path, or loss patterns can link messages even with honest group members.
Authors: The security proof establishes unlinkability under the assumption that messages reach the group members for collective shuffling. The random oracle model captures the cryptographic properties but abstracts the MANET channel as providing the necessary delivery for the protocol steps. We agree that the paper should more explicitly state these assumptions to address potential concerns about timing or loss-based linking. We will revise the security analysis to include a clear statement of the network model assumptions and explain why the group-based shuffling mitigates such attacks even in dynamic settings. revision: yes
-
Referee: [Evaluation] Evaluation section: the simulator results are reported to show improved anonymity, but the description gives no evidence that the simulator was extended with MANET mobility models or lossy links; without this, the results do not directly support the claim that group shuffling works under the conditions stated in the weakest assumption.
Authors: The evaluation demonstrates the anonymity gains from the multi-group shuffling mechanism using a standard mix network simulator. We acknowledge that the simulator does not incorporate MANET-specific features like mobility or packet loss. The real-world feasibility is instead shown through the Android prototype on mobile devices. We will update the evaluation section to clarify the purpose and limitations of the simulator results and discuss their relation to the MANET setting. revision: yes
Circularity Check
No circularity in derivation chain
full rationale
The paper defines a protocol for group-based mixing in MANETs, states a security proof in the random oracle model, evaluates anonymity via an existing external simulator, and reports an Android implementation. None of these steps reduce by construction to the protocol inputs; the ROM proof is a standard modeling technique external to the equations, the simulator is pre-existing, and no fitted parameters are renamed as predictions or self-citations invoked as load-bearing uniqueness results. The derivation chain is therefore self-contained.
Axiom & Free-Parameter Ledger
axioms (1)
- standard math Random oracle model
read the original abstract
Mix networks are a highly effective way to achieve anonymity, defending against a wide range of traffic-analysis attacks. However, mix networks are usually designed for infrastructure networks and cannot be directly applied in the context of mobile ad hoc networks (MANETs). The few existing solutions for MANETs require advance knowledge of the topology or a trusted central party. In this paper, we present TrustMix, a mix protocol for MANETs that operates without any central trusted party. In TrustMix, parties join groups and then messages are forwarded via multiple groups to provide anonymity. With TrustMix, users only need to find a party nearby that they consider trusted. They then forward the message to this party's group, and the party shuffles messages before forwarding to other groups, meaning that the original message and the forwarded message cannot be linked. Furthermore, even if the chosen party is adversarial, they can only break the anonymity if all parties in their group are adversarial as all of them contribute to the shuffling. In addition to anonymity, TrustMix also enforces rate limits on the number of messages through the use of linkable ring signatures, which allows detecting that parties send more messages that allowed without revealing identities. We prove the security of our protocol in the random oracle model. We evaluate its anonymity using an existing mix-network simulator and show that TrustMix significantly improves message anonymity. Finally, we present a proof-of-concept Android implementation and show that TrustMix achieves acceptable throughput with 5 mobile devices.
Figures
Reference graph
Works this paper leans on
-
[1]
Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekov´a
Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekov´a. Collective information security in large-scale urban protests: the case of hong kong. In Michael D. Bailey and Rachel Greenstadt, editors,30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, pages 3363–3380. USENIX Association, 2021
2021
-
[2]
Albrecht, Raphael Eikenberg, and Kenneth G
Martin R. Albrecht, Raphael Eikenberg, and Kenneth G. Paterson. Breaking bridgefy, again: Adopting libsignal is not enough. In Kevin R. B. Butler and Kurt Thomas, editors,31st USENIX Security Sympo- sium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, pages 269–286. USENIX Association, 2022
2022
-
[3]
https://anonymous.4open.science/r/trustmix-e4a7
Anonymous. https://anonymous.4open.science/r/trustmix-e4a7. Anony- mous code repository, 2026. Accessed: 2026-01
2026
-
[4]
Succinct non-interactive zero knowledge for a von neumann architecture
Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. Succinct non-interactive zero knowledge for a von neumann architecture. In Kevin Fu and Jaeyeon Jung, editors,Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, pages 781–796. USENIX Association, 2014
2014
-
[5]
Wallet databases with observers
David Chaum and Torben Pryds Pedersen. Wallet databases with observers. In Ernest F. Brickell, editor,Advances in Cryptology - CRYPTO ’92, 12th Annual International Cryptology Conference, Santa Barbara, California, USA, August 16-20, 1992, Proceedings, volume 740 ofLecture Notes in Computer Science, pages 89–105. Springer, 1992
1992
-
[6]
Frank Denis, Edward Eaton, Tancr `ede Lepoint, and Christopher A. Wood. Key blinding for signature schemes. Internet-Draft draft-irtf- cfrg-signature-keyblinding-03, Internet Engineering Task Force, 2023
2023
-
[7]
Toward A practical multi-party private set union.Proc
Jiahui Gao, Son Nguyen, and Ni Trieu. Toward A practical multi-party private set union.Proc. Priv. Enhancing Technol., 2024(4):622–635, 2024
2024
-
[8]
Secure distributed key generation for discrete-log based cryptosystems
Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin. Secure distributed key generation for discrete-log based cryptosystems. In Jacques Stern, editor,Advances in Cryptology - EUROCRYPT ’99, International Conference on the Theory and Application of Crypto- graphic Techniques, Prague, Czech Republic, May 2-6, 1999, Proceed- ing, volume 1592 ofL...
1999
-
[9]
Nationalizing the internet to break a protest movement: Internet shut- down and counter-appropriation in iran of late 2019.Proc
Margarita Grinko, Sarvin Qalandar, Dave Randall, and V olker Wulf. Nationalizing the internet to break a protest movement: Internet shut- down and counter-appropriation in iran of late 2019.Proc. ACM Hum. Comput. Interact., 6(CSCW2):1–21, 2022
2019
-
[10]
Verifiable shuffle of large size ciphertexts
Jens Groth and Steve Lu. Verifiable shuffle of large size ciphertexts. In Tatsuaki Okamoto and Xiaoyun Wang, editors,Public Key Cryp- tography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings, volume 4450 ofLecture Notes in Computer Science, pages 377–392. Springer, 2007
2007
-
[11]
Mixim: Mixnet design decisions and empirical evaluation
Iness Ben Guirat, Devashish Gosain, and Claudia D ´ıaz. Mixim: Mixnet design decisions and empirical evaluation. InWPES ’21: Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society, Virtual Event, Korea, 15 November 2021, pages 33–37. ACM, 2021
2021
-
[12]
Nym credentials: Privacy-preserving decentralized iden- tity with blockchains
Harry Halpin. Nym credentials: Privacy-preserving decentralized iden- tity with blockchains. InCrypto Valley Conference on Blockchain Technology, CVCBT 2020, Rotkreuz, Switzerland, June 11-12, 2020, pages 56–67. IEEE, 2020
2020
-
[13]
Springer, 2004
Darryl Hankerson, Alfred Menezes, and Scott Vanstone.Guide to Elliptic Curve Cryptography. Springer, 2004
2004
-
[14]
Jois, Nelly Fazio, and James Mickens
David Inyangson, Sarah Radway, Tushar M. Jois, Nelly Fazio, and James Mickens. Amigo: Secure group mesh messaging in realistic protest settings. In Chun-Ying Huang, Jyh-Cheng Chen, Shiuh-Pyng Shieh, David Lie, and V´eronique Cortier, editors,Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, CCS 2025, Taipei, Taiwan, Oc...
2025
-
[15]
Anix: Anonymous blackout-resistant microblogging with message endorsing
Sina Kamali and Diogo Barradas. Anix: Anonymous blackout-resistant microblogging with message endorsing. In Marina Blanton, William Enck, and Cristina Nita-Rotaru, editors,IEEE Symposium on Security and Privacy, SP 2025, San Francisco, CA, USA, May 12-15, 2025, pages 1381–1399. IEEE, 2025
2025
-
[16]
ANODR: anonymous on demand rout- ing with untraceable routes for mobile ad-hoc networks
Jiejun Kong and Xiaoyan Hong. ANODR: anonymous on demand rout- ing with untraceable routes for mobile ad-hoc networks. InProceedings of the 4th ACM Interational Symposium on Mobile Ad Hoc Networking and Computing, MobiHoc 2003, Annapolis, Maryland, USA, June 1-3, 2003, pages 291–302. ACM, 2003
2003
-
[17]
Atom: Horizontally scaling strong anonymity
Albert Kwon, Henry Corrigan-Gibbs, Srinivas Devadas, and Bryan Ford. Atom: Horizontally scaling strong anonymity. InProceedings of the 26th Symposium on Operating Systems Principles, Shanghai, China, October 28-31, 2017, pages 406–422. ACM, 2017
2017
-
[18]
Rangzen: Anonymously Getting the Word Out in a Blackout
Adam Lerner, Giulia Fanti, Yahel Ben-David, Jesus Garcia, Paul Schmitt, and Barath Raghavan. Rangzen: Anonymously getting the word out in a blackout.CoRR, abs/1612.03371, 2016
work page internal anchor Pith review Pith/arXiv arXiv 2016
-
[19]
Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, and George Danezis
Ania M. Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, and George Danezis. The loopix anonymity system. In Engin Kirda and Thomas Ristenpart, editors,26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, pages 1199–1216. USENIX Association, 2017
2017
-
[20]
Choffnes, Stevens Le Blond, and Bryan Ford
Amogh Pradeep, Hira Javaid, Ryan Williams, Antoine Rault, David R. Choffnes, Stevens Le Blond, and Bryan Ford. Moby: A blackout- resistant anonymity network for mobile devices.Proc. Priv. Enhancing Technol., 2022(3):247–267, 2022
2022
-
[21]
Towards an information theoretic metric for anonymity
Andrei Serjantov and George Danezis. Towards an information theoretic metric for anonymity. InInternational Workshop on Privacy Enhancing Technologies, pages 41–53. Springer, 2002
2002
-
[22]
ARM: anonymous routing protocol for mobile ad hoc networks.Int
Stefaan Seys and Bart Preneel. ARM: anonymous routing protocol for mobile ad hoc networks.Int. J. Wirel. Mob. Comput., 3(3):145–155, 2009
2009
-
[23]
Vuvuzela: scalable private messaging resistant to traffic analysis
Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zel- dovich. Vuvuzela: scalable private messaging resistant to traffic analysis. In Ethan L. Miller and Steven Hand, editors,Proceedings of the 25th Symposium on Operating Systems Principles, SOSP 2015, Monterey, CA, USA, October 4-7, 2015, pages 137–152. ACM, 2015
2015
-
[24]
Efficient linkable ring signatures: New framework and post-quantum instanti- ations
Yuxi Xue, Xingye Lu, Man Ho Au, and Chengru Zhang. Efficient linkable ring signatures: New framework and post-quantum instanti- ations. In Joaqu ´ın Garc´ıa-Alfaro, Rafal Kozik, Michal Choras, and Sokratis K. Katsikas, editors,Computer Security - ESORICS 2024 - 29th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16-20, 2...
2024
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.