Traceable mixnets. (arXiv:2305.08138v1 [cs.CR])

We introduce the notion of \emph{traceable mixnets}. In a traditional mixnet,
multiple mix-servers jointly permute and decrypt a list of ciphertexts to
produce a list of plaintexts, along with a proof of correctness, such that the
association between individual ciphertexts and plaintexts remains completely
hidden. However, in many applications, the privacy-utility tradeoff requires
answering some specific queries about this association, without revealing any
information beyond the query result. We consider queries of the following type:
a) given a ciphertext in …

applications correctness decrypt hidden list privacy servers traceable utility