Cryptology ePrint Archive: Report 2013/684

Fully Bideniable Public-Key Encryption

Marcel Šebek

Abstract: Bideniable encryption allows both sender and receiver in a public-key setting to simultaneously claim that a different message of their choice was transmitted, and support this claim by a good-looking encryption and key-generation randomness, respectively. A weaker version with two variants of algorithms is called flexible or multi-distributional deniability, a stronger one-algorithm version is called full deniability. Bendlin et al. (ASIACRYPT 2011) showed that certain kinds of fully-deniable schemes are constructible using corresponding flexible schemes. In this paper, we show that their construction in the bideniable case has a flaw, and we provide a fixed scheme. Our construction relies on a deterministic subset matching algorithm that assigns to each nonempty subset of a finite set its proper subset reduced by exactly one element. Although this algorithm is crucial in our construction, it may also be of independent interest.

Category / Keywords: public-key cryptography / deniable encryption, plausible deniability, fully bideniable PKE, subset matching

Date: received 23 Oct 2013

Contact author: marcel sebek at matfyz cz

Available format(s): PDF | BibTeX Citation

Version: 20131024:160220 (All versions of this report)

Short URL: ia.cr/2013/684

Discussion forum: Show discussion | Start new discussion