Paper 1996/002

Deniable Encryption

Ran Canetti, Cynthia Dwork, Moni Naor, and Rafi Ostrovsky

Abstract

Consider a situation in which the transmission of encrypted messages is intercepted by an adversary who can later ask the sender to reveal the random choices (and also the secret key, if one exists) used in generating the ciphertext, thereby exposing the cleartext. An encryption scheme is <B>deniable</B> if the sender can generate `fake random choices' that will make the ciphertext `look like' an encryption of a different cleartext, thus keeping the real cleartext private. Analogous requirements can be formulated with respect to attacking the receiver and with respect to attacking both parties. In this paper we introduce deniable encryption and propose constructions of schemes with polynomial deniability. In addition to being interesting by itself, and having several applications, deniable encryption provides a simplified and elegant construction of <B>adaptively secure</B> multiparty computation.

Metadata
Available format(s)
PS
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Keywords
EncryptionPublic keyPrivate keyCoercionVoting.
Contact author(s)
canetti @ theory lcs mit edu
History
1996-05-10: received
Short URL
https://ia.cr/1996/002
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:1996/002,
      author = {Ran Canetti and Cynthia Dwork and Moni Naor and Rafi Ostrovsky},
      title = {Deniable Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 1996/002},
      year = {1996},
      url = {https://eprint.iacr.org/1996/002}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.