Adaptively secure multi-party computation
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
A public-key cryptosystem with worst-case/average-case equivalence
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Generating Hard Instances of the Short Basis Problem
ICAL '99 Proceedings of the 26th International Colloquium on Automata, Languages and Programming
A Forward-Secure Digital Signature Scheme
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Improved Non-committing Encryption Schemes Based on a General Complexity Assumption
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Incoercible multiparty computation
FOCS '96 Proceedings of the 37th Annual Symposium on Foundations of Computer Science
Magic Functions: In Memoriam: Bernard M. Dwork 1923--1998
Journal of the ACM (JACM)
A Forward-Secure Public-Key Encryption Scheme
Journal of Cryptology
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On lattices, learning with errors, random linear codes, and cryptography
Journal of the ACM (JACM)
Somewhat Non-committing Encryption and Efficient Adaptively Secure Oblivious Transfer
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Improved Non-committing Encryption with Applications to Adaptively Secure Protocols
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Survey: leakage resilience and the bounded retrieval model
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
Deniable encryption with negligible detection probability: an interactive construction
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
The geometry of lattice cryptography
Foundations of security analysis and design VI
Lower and upper bounds for deniable public-key encryption
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Deniable encryptions secure against adaptive chosen ciphertext attack
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Standard security does not imply security against selective-opening
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Circular and KDM security for identity-based encryption
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Neuroscience meets cryptography: designing crypto primitives secure against rubber hose attacks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Universally composable security with local adversaries
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Classical hardness of learning with errors
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Hi-index | 0.00 |
In 1997, Canetti et al. (CRYPTO 1997) put forward the intruiging notion of deniable encryption, which (informally) allows a sender and/or receiver, having already performed some encrypted communication, to produce 'fake' (but legitimate-looking) random coins that open the ciphertext to another message. Deniability is a powerful notion for both practice and theory: apart from its inherent utility for resisting coercion, a deniable scheme is also noncommitting (a useful property in constructing adaptively secure protocols) and secure under selectiveopening attacks on whichever parties can equivocate. To date, however, known constructions have achieved only limited forms of deniability, requiring at least one party to withhold its randomness, and in some cases using an interactive protocol or external parties. In this work we construct bi-deniable public-key cryptosystems, in which both the sender and receiver can simultaneously equivocate; we stress that the schemes are noninteractive and involve no third parties. One of our systems is based generically on "simulatable encryption" as defined by Damgård and Nielsen (CRYPTO 2000), while the other is lattice-based and builds upon the results of Gentry, Peikert and Vaikuntanathan (STOC 2008) with techniques that may be of independent interest. Both schemes work in the so-called "multi-distributional" model, in which the parties run alternative key-generation and encryption algorithms for equivocable communication, but claim under coercion to have run the prescribed algorithms. Although multi-distributional deniability has not attracted much attention, we argue that it is meaningful and useful because it provides credible coercion resistance in certain settings, and suffices for all of the related properties mentioned above.