Cryptology ePrint Archive: Report 2005/046

New Approaches for Deniable Authentication

Mario Di Raimondo and Rosario Gennaro

Abstract: Deniable Authentication protocols allow a Sender to authenticate a message for a Receiver, in a way that the Receiver cannot convince a third party that such authentication (or any authentication) ever took place.

We present two new approaches to the problem of deniable authentication. The novelty of our schemes is that they do not require the use of CCA-secure encryption (all previous known solutions did), thus showing a different generic approach to the problem of deniable authentication. These new approaches are practically relevant as they lead to more efficient protocols.

In the process we point out a subtle definitional issue for deniability. In particular we propose the notion of "forward deniability", which requires that the authentications remain deniable even if the Sender wants to later prove that she authenticated a message. We show that a simulation-based definition of deniability, where the simulation can be computationally indistinguishable from the real protocol does not imply forward deniability. Thus for deniability one needs to restrict the simulation to be perfect (or statistically close). Our new protocols satisfy this stricter requirement.

Category / Keywords: cryptographic protocols / Authentication, Deniability, Zero-Knowledge, Concurrency

Publication Info: proceedings of ACM CCS 2005

Date: received 19 Feb 2005, last revised 31 May 2006

Contact author: diraimondo at dmi unict it

Available format(s): PDF | BibTeX Citation

Note: updated full version

Version: 20060531:142114 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]