Deniable Encryption

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)


Consider a situation in which the transmission of encrypted messages is intercepted by an adversary who can later ask the sender to reveal the random choices (and also the secret key, if one exists) used in generating the ciphertext, thereby exposing the cleartext. An encryption scheme is deniable if the sender can generate 'fake random choices' that will make the ciphertext ‘look like’ an encryption of a different cleartext, thus keeping the real cleartext private. Analogous requirements can be formulated with respect to attacking the receiver and with respect to attacking both parties.

In this paper we introduce deniable encryption and propose constructions of schemes with polynomial deniability. In addition to being interesting by itself, and having several applications, deniable encryption provides a simplified and elegant construction of adoptively secure multiparty computation.


Encryption Scheme Random Choice Random Input Security Parameter Encrypt Message 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Ajtai, Generating Hard Instances of Lattice Problems, STOC'96Google Scholar
  2. 2.
    M. Ajtai, C. Dwork, A Public-Key Cryptosystem with Average-Case/Worst-Case Equivalence, STOC'97; see also Electronic Colloquium on Computational Complexity TR96-065, Scholar
  3. 3.
    D. Beaver and S. Haber, Cryptographic Protocols Provably Secure Against Dynamic Adversaries, Eurocrypt, 1992.Google Scholar
  4. 4.
    J. Benaloh and D. Tunistra, Receipt-Free Secret-Ballot Elections, 26th STOC, 1994, pp. 544–552.Google Scholar
  5. 5.
    R. Canetti and R. Gennaro, Incoercible multiparty computation, FOCS'96 Google Scholar
  6. 6.
    R. Canetti, C. Dwork, M. Naor and R. Ostrovsky, Deniable Encryption, Theory of Cryptology Library, tcryptol, 1996.Google Scholar
  7. 7.
    R. Canetti, U. Feige, O. Goldreich and M. Naor, Adaptively secure computation, 28th STOC, 1996.Google Scholar
  8. 8.
    D. Dolev, C. Dwork and M. Naor, Non-malleable cryptography, STOC'91 Google Scholar
  9. 9.
    P. Feldman, Private Communication, 1986.Google Scholar
  10. 10.
    A. Herzberg, Rump-Session presentation at CRYPTO 1991.Google Scholar
  11. 11.
    R. Gennaro, unpublished manuscript.Google Scholar
  12. 12.
    O. Goldreich and L. Levin, A Hard-Core Predicate to any One-Way Function, 21st STOC, 1989, pp. 25–32.Google Scholar
  13. 13.
    O. Goldreich, S. Micali and A. Wigderson, Proofs that Yield Nothing but the Validity of the Assertion, and a Methodology of Cryptographic Protocol Design, 27th FOCS, 174–187, 1986.Google Scholar
  14. 14.
    O. Goldreich, S. Micali and A. Wigderson, How to Play any Mental Game, 19th STOC, pp. 218–229, 1987.Google Scholar
  15. 15.
    S. Goldwasser and S. Micali, Probabilistic encryption, JCSS, Vol. 28, No 2, April 1984, pp. 270–299.zbMATHMathSciNetGoogle Scholar
  16. 16.
    P. Gutman, Secure Deletion of Data from Magnetic and Solid-State Memory, Sixth USENIX Security Symposium Proceedings, San Jose, California, July 22–25, 1996, pp. 77–89.Google Scholar
  17. 17.
    M. Naor and M. Yung “ Public key cryptosystems provably secure against chosen ciphertext attacks”, Proc. 22nd ACM Annual Symposium on the Theory of Computing, 1990, pp. 427–437.Google Scholar
  18. 18.
    C. Rackoff and D. Simon, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack, CRYPT0'91, (LNCS 576), 1991.Google Scholar
  19. 19.
    K. Sako and J. Kilian, Receipt-Free Mix-Type Voting Scheme, Eurocrypt 1995, pp. 393–403.Google Scholar

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  1. 1.IBM T.J. Watson Research CenterUSA
  2. 2.IBM Almaden Research CenterUSA
  3. 3.Dept. of Computer ScienceThe Weizmann InstituteUSA
  4. 4.Bell Communications ResearchMorristown

Personalised recommendations