New approaches for deniable authentication

Raimondo, Mario Di; Gennaro, Rosario

doi:10.1145/1102120.1102137

Cited by 56 publications

(42 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deniable authentication can be used in many specialized applications. For example, it can provide freedom from coercion in electronic voting systems and secure negotiation over the Internet [20,21]. In 2005, Shi and Li [22] extended deniable authentication into identity-based environment and designed an identity-based deniable authentication (IBDA) protocol.…”

Section: Related Workmentioning

confidence: 99%

Identity-based deniable authenticated encryption and its application to e-mail system

Zheng

Jin

2015

Telecommun Syst

View full text Add to dashboard Cite

An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. AE can be divided into symmetric AE and asymmetrical (public key) AE. In a symmetric AE scheme, deniability is gained automatically. However, a public key AE scheme can not gain deniability automatically; on the contrary, it provides non-repudiation. In this paper, we address a question on deniability of public key AE. Of course, we can achieve this goal by "deniable authentication followed by encryption" method. However, such method has the following two weaknesses: (1) the computational cost and communication overhead are the sum of two cryptographic primitives; (2) it is complex to design cryptographic protocols with deniable authentication and confidentiality using two cryptographic primitives. To overcome the two weaknesses, we propose a new concept called deniable authenticated encryption (DAE) that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the "deniable authentication followed by encryption" method. This single cryptographic primitive can simplify the design of cryptographic protocols with deniable authentication and confidentiality. In particular, we construct an identity-based deniable authenticated encryption (IBDAE) scheme. Our construction uses tag-key encapsulation mechanism (KEM) and data encapsulation mechanism (DEM) hybrid techniques, which is more practical for true applications. We show how to construct an IBDAE scheme using an identity-based deniable authenticated tag-KEM (IBDATK) and a DEM. We also propose an IBDATK scheme and prove its security in the random oracle model. For typical security level, our scheme is at least 50.7 and 22.7 % faster than two straightforward "deniable authentication followed by encryption" schemes, respectively. The communication overhead is respectively reduced at least 21.3 and 31.1 %. An application of IBDAE to an e-mail system is described.B

show abstract

Section: Related Workmentioning

confidence: 99%

Identity-based deniable authenticated encryption and its application to e-mail system

Zheng

Jin

2015

Telecommun Syst

View full text Add to dashboard Cite

show abstract

“…. , tag before seeing the public key P K. As noted in [13,19] in the case of ordinary multi-trapdoor commitments, some applications might require to consider a notion of adaptive security where, much in the fashion of identity-based trapdoor commitments [1,7], the adversary can query T G in an adaptive fashion. In the present context, non-adaptive security suffices.…”

Section: Definition 2 [15] a Zk-edb Protocol Is Strongly Independentmentioning

confidence: 99%

Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs

Libert

Yung

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Introduced by Micali, Rabin and Kilian (MRK), the basic primitive of zero-knowledge sets (ZKS) allows a prover to commit to a secret set S so as to be able to prove statements such as x ∈ S or x ∈ S. Chase et al. showed that ZKS protocols are underlain by a cryptographic primitive termed mercurial commitment. A (trapdoor) mercurial commitment has two commitment procedures. At committing time, the committer can choose not to commit to a specific message and rather generate a dummy value which it will be able to softly open to any message without being able to completely open it. Hard commitments, on the other hand, can be hardly or softly opened to only one specific message. At Eurocrypt 2008, Catalano, Fiore and Messina (CFM) introduced an extension called trapdoor q-mercurial commitment (qTMC), which allows committing to a vector of q messages. These qTMC schemes are interesting since their openings w.r.t. specific vector positions can be short (ideally, the opening length should not depend on q), which provides zero-knowledge sets with much shorter proofs when such a commitment is combined with a Merkle tree of arity q. The CFM construction notably features short proofs of non-membership as it makes use of a qTMC scheme with short soft openings. A problem left open is that hard openings still have size O(q), which prevents proofs of membership from being as compact as those of non-membership. In this paper, we solve this open problem and describe a new qTMC scheme where hard and short position-wise openings, both, have constant size. We then show how our scheme is amenable to constructing independent zero-knowledge sets (i.e., ZKS's that prevent adversaries from correlating their set to the sets of honest provers, as defined by Gennaro and Micali). Our solution retains the short proof property for this important primitive as well.

show abstract

“…Unfortunately, the high complexity of PIR techniques, and the inability of search engines to do targeted advertising, prevent its practical adoption for search engines. The alternative of deniability is not unfamiliar to computer science literature, appearing in Deniable Encryption [6] and Deniable Authentication [20], key exchange protocols [18], and steganography [7]. We bring the basic concept to the real-world problem of web search.…”

Section: Background and Related Workmentioning

confidence: 99%

Providing Privacy through Plausibly Deniable Search

Murugesan

Clifton

2009

Proceedings of the 2009 SIAM International Conference on Data Mining

View full text Add to dashboard Cite

Query-based web search is an integral part of many people's daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K randomly selected users. While valuable as a research tool, the anonymization was insufficient: individuals were identified from the contents of the queries alone [2]. Government requests for such logs increases the concern. To address this problem, we propose a client-centered approach of plausibly deniable search. Each user query is substituted with a standard, closely-related query intended to fetch the desired results. In addition, a set of k-1 cover queries are issued; these have characteristics similar to the standard query but on unrelated topics. The system ensures that any of these k queries will produce the same set of k queries, giving k possible topics the user could have been searching for. We use a Latent Semantic Indexing (LSI) based approach to generate queries, and evaluate on the DMOZ [10] webpage collection to show effectiveness of the proposed approach.

show abstract

New approaches for deniable authentication

Cited by 56 publications

References 30 publications

Identity-based deniable authenticated encryption and its application to e-mail system

Identity-based deniable authenticated encryption and its application to e-mail system

Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs

Providing Privacy through Plausibly Deniable Search

Contact Info

Product

Resources

About