Paper 2018/920

A Message Franking Channel

Loïs Huguenin-Dumittan and Iraklis Leontiadis


We pursue to formalize and instantiate a secure bidirectional channel with message franking properties. Under this model a sender may send an abusive message to the receiver and the latter wish to open it in a verifiable way to a third party. Potential malicious behavior of a sender requires message franking protocols resistant to sending messages that cannot be opened later by the receiver. An adversary impersonated by the receiver may also try to open messages that have not been sent by the sender. Wrapping a message franking protocol in a secure channel requires a more delicate treatment in order to avoid drops or replay of messages and out-of-order delivery. To the best of our knowledge we are the first to model the security of a message franking channel, which apart from integrity, confidentiality, resistance to drops, relays and out-of-order delivery is sender and receiver binding: a sender cannot send a message which cannot be opened in a verifiable way later by the receiver, and the receiver cannot claim a message that had not been truly sent by the receiver. Finally, we instantiate a bidirectional message franking channel from symmetric primitives and analyze its security.

Available format(s)
Publication info
Preprint. MINOR revision.
message franking channelsecure communicationchannel securityabusive verifiable reports
Contact author(s)
iraklis leontiadis @ epfl ch
2018-10-02: received
Short URL
Creative Commons Attribution


      author = {Loïs Huguenin-Dumittan and Iraklis Leontiadis},
      title = {A Message Franking Channel},
      howpublished = {Cryptology ePrint Archive, Paper 2018/920},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.