
Journal of Cryptology, Volume 22, Issue 4, pp. 572–615

New Approaches for Deniable Authentication

  • Mario Di Raimondo
  • Rosario Gennaro

Abstract

Deniable Authentication protocols allow a Sender to authenticate a message for a Receiver, in a way that the Receiver cannot convince a third party that such authentication (or any authentication) ever took place.

We present two new approaches to the problem of deniable authentication. The novelty of our schemes is that they do not require the use of CCA-secure encryption (all previously known solutions did), thus showing a different generic approach to the problem of deniable authentication. These new approaches are practically relevant, as they lead to more efficient protocols.

In the process we point out a subtle definitional issue for deniability. In particular, we propose the notion of forward deniability, which requires that the authentications remain deniable even if the Sender later wants to prove that she authenticated a message. We show that a simulation-based definition of deniability, in which the simulation is only required to be computationally indistinguishable from the real protocol, does not imply forward deniability. Thus, for deniability one needs to restrict the simulation to be perfect (or statistically close). Our new protocols satisfy this stricter requirement.
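As an added illustration of the simulation-based definition the abstract refers to (a constructed toy, not the paper's protocol, which needs the full text), the sketch below authenticates with a MAC under a key the Receiver also holds, so the Receiver can simulate any transcript perfectly and a third party, even one later handed the key by the Sender, gains no evidence. The KDF, message and trial counts are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Toy deniable authentication, constructed for illustration only (not the
# paper's protocol): Sender and Receiver share a key k, e.g. derived from a
# key exchange, and the Sender authenticates with a MAC under k. Since the
# Receiver holds the same k, it can produce any transcript the Sender could.

def derive_key(shared_secret: bytes) -> bytes:
    """Assumed KDF for the example: hash the shared secret into a MAC key."""
    return hashlib.sha256(b"deniable-auth-toy|" + shared_secret).digest()

def sender_authenticate(key: bytes, message: bytes) -> dict:
    """Real run: the Sender authenticates the message with a fresh nonce."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(key, nonce + message, hashlib.sha256).digest()
    return {"message": message, "nonce": nonce, "tag": tag}

def receiver_verify(key: bytes, transcript: dict) -> bool:
    """The Receiver checks the tag (constant-time compare)."""
    expected = hmac.new(key, transcript["nonce"] + transcript["message"],
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, transcript["tag"])

def receiver_simulate(key: bytes, message: bytes) -> dict:
    """Simulator run by the Receiver alone, with no help from the Sender.
    Its output has exactly the distribution of a real transcript: a perfect
    simulation, the stricter notion the abstract argues is needed."""
    return sender_authenticate(key, message)

def judge_advantage(key: bytes, message: bytes, trials: int = 200) -> float:
    """A third party, even one later given k by the Sender (the forward
    deniability scenario), can only check the tag. That test accepts real
    and simulated transcripts at the same rate, so its advantage is 0."""
    real_ok = sum(receiver_verify(key, sender_authenticate(key, message))
                  for _ in range(trials))
    sim_ok = sum(receiver_verify(key, receiver_simulate(key, message))
                 for _ in range(trials))
    return abs(real_ok - sim_ok) / trials

if __name__ == "__main__":
    k = derive_key(b"constructed shared secret")
    t = sender_authenticate(k, b"constructed message")
    print("receiver accepts:", receiver_verify(k, t))
    print("judge advantage:", judge_advantage(k, b"constructed message"))
```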

Keywords

Authentication, Deniability, Zero-knowledge

Copyright information

© International Association for Cryptologic Research 2009

Authors and Affiliations

  1. Dipartimento di Matematica ed Informatica, Università di Catania, Catania, Italy
  2. IBM T.J. Watson Research Center, Yorktown Heights, USA
