Abstract
Deniable Authentication protocols allow a Sender to authenticate a message for a Receiver, in a way that the Receiver cannot convince a third party that such authentication (or any authentication) ever took place.
We present two new approaches to the problem of deniable authentication. The novelty of our schemes is that they do not require the use of CCA-secure encryption (all previous known solutions did), thus showing a different generic approach to the problem of deniable authentication. These new approaches are practically relevant as they lead to more efficient protocols.
In the process we point out a subtle definitional issue for deniability. In particular, we propose the notion of forward deniability, which requires that the authentications remain deniable even if the Sender later wants to prove that she authenticated a message. We show that a simulation-based definition of deniability, in which the simulation is only required to be computationally indistinguishable from the real protocol, does not imply forward deniability. Thus, for forward deniability one needs to restrict the simulation to be perfect (or statistically close). Our new protocols satisfy this stricter requirement.
Communicated by Moni Naor
A preliminary version of this paper appeared in the Proceedings of the 2005 ACM Conference on Computer and Communication Security.
Work done while visiting the IBM T.J. Watson Research Center.
Cite this article
Di Raimondo, M., Gennaro, R. New Approaches for Deniable Authentication. J Cryptol 22, 572–615 (2009). https://doi.org/10.1007/s00145-009-9044-3