|
Authentication is arguably the most important security goal in cryptography. When communication happens over a real-life network we need to make sure that we are talking to the right person and not with an impostor.
In a public key scenario, message authentication has been long associated with digital signatures. In this case, however message authentication is connected with another property: non-repudiation. Once a party signs a message, she is bound to it. Everybody can verify that she signed it. This is a very useful prperty when digital signatures are used for contracts or commerce transactions, where conditions must be enforced in case of a dispute.
On the other hand, this feature raises important privacy issues. What if Alice wants to say something very private to Bob, in a way that Bob believes it comes from her, but also in a way that Bob cannot convince a third party that Alice said such a thing? Or even that Alice spoke to Bob at all? Clearly digital signatures do not allow Alice to do this.
The issue of deniability in public key authentication is thus to create authentication mechanisms where the receiver cannot prove to third party that he received an authenticated message from the sender. Deniability thus is an important privacy-enabling feature of cryptographic protocols and as such has many important practical applications.
M.Di Raimondo, R.Gennaro and H.Krawczyk: Deniable authentication and key exchange. ACM Conference on Computer and Communications Security 2006: 400-409
M.Di Raimondo, R.Gennaro and H.Krawczyk. The Security of Off-the-Record Messaging. 2005 ACM Workshop on Privacy in the Electronic Society (WPES'05), pp.81-89.
M.Di Raimondo and R.Gennaro. New Approaches in Deniable Authentication. Extended version of the paper that appeared at the 2005 ACM Conference on Computer and Communications Security (CCS'05), pp.112-121.
|
