Advances in Cryptology – EUROCRYPT 2011

Volume 6632 of the series Lecture Notes in Computer Science pp 610-626

Deniable Encryption with Negligible Detection Probability: An Interactive Construction

  • Markus DürmuthAffiliated withRuhr-University
  • , David Mandell FreemanAffiliated withStanford University


Deniable encryption, introduced in 1997 by Canetti, Dwork, Naor, and Ostrovsky, guarantees that the sender or the receiver of a secret message is able to “fake” the message encrypted in a specific ciphertext in the presence of a coercing adversary, without the adversary detecting that he was not given the real message. To date, constructions are only known either for weakened variants with separate “honest” and “dishonest” encryption algorithms, or for single-algorithm schemes with non-negligible detection probability.

We propose the first sender-deniable public key encryption system with a single encryption algorithm and negligible detection probability. We describe a generic interactive construction based on a public key bit encryption scheme that has certain properties, and we give two examples of encryption schemes with these properties, one based on the quadratic residuosity assumption and the other on trapdoor permutations.


Deniable encryption electronic voting multi-party computation