Deniable Encryption

  • Rein Canetti
  • Cynthia Dwork
  • Moni Naor
  • Rafail Ostrovsky
Conference paper

DOI: 10.1007/BFb0052229

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)
Cite this paper as:
Canetti R., Dwork C., Naor M., Ostrovsky R. (1997) Deniable Encryption. In: Kaliski B.S. (eds) Advances in Cryptology — CRYPTO '97. CRYPTO 1997. Lecture Notes in Computer Science, vol 1294. Springer, Berlin, Heidelberg


Consider a situation in which the transmission of encrypted messages is intercepted by an adversary who can later ask the sender to reveal the random choices (and also the secret key, if one exists) used in generating the ciphertext, thereby exposing the cleartext. An encryption scheme is deniable if the sender can generate 'fake random choices' that will make the ciphertext ‘look like’ an encryption of a different cleartext, thus keeping the real cleartext private. Analogous requirements can be formulated with respect to attacking the receiver and with respect to attacking both parties.

In this paper we introduce deniable encryption and propose constructions of schemes with polynomial deniability. In addition to being interesting by itself, and having several applications, deniable encryption provides a simplified and elegant construction of adoptively secure multiparty computation.

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Rein Canetti
    • 1
  • Cynthia Dwork
    • 2
  • Moni Naor
    • 3
  • Rafail Ostrovsky
    • 4
  1. 1.IBM T.J. Watson Research CenterUSA
  2. 2.IBM Almaden Research CenterUSA
  3. 3.Dept. of Computer ScienceThe Weizmann InstituteUSA
  4. 4.Bell Communications ResearchMorristown

Personalised recommendations