Paper 2005/046

New Approaches for Deniable Authentication

Mario Di Raimondo and Rosario Gennaro


Deniable Authentication protocols allow a Sender to authenticate a message for a Receiver, in a way that the Receiver cannot convince a third party that such authentication (or any authentication) ever took place. We present two new approaches to the problem of deniable authentication. The novelty of our schemes is that they do not require the use of CCA-secure encryption (all previous known solutions did), thus showing a different generic approach to the problem of deniable authentication. These new approaches are practically relevant as they lead to more efficient protocols. In the process we point out a subtle definitional issue for deniability. In particular we propose the notion of "forward deniability", which requires that the authentications remain deniable even if the Sender wants to later prove that she authenticated a message. We show that a simulation-based definition of deniability, where the simulation can be computationally indistinguishable from the real protocol does not imply forward deniability. Thus for deniability one needs to restrict the simulation to be perfect (or statistically close). Our new protocols satisfy this stricter requirement.

Note: updated full version

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. proceedings of ACM CCS 2005
Contact author(s)
diraimondo @ dmi unict it
2006-05-31: last of 4 revisions
2005-02-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mario Di Raimondo and Rosario Gennaro},
      title = {New Approaches for Deniable Authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2005/046},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.