Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
SIAM Journal on Computing
Security Analysis of IKE's Signature-Based Key-Exchange Protocol
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Entity Authentication and Key Distribution
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On the Existence of 3-Round Zero-Knowledge Protocols
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Universally Composable Notions of Key Exchange and Secure Channels
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
FOCS '95 Proceedings of the 36th Annual Symposium on Foundations of Computer Science
SKEME: a versatile secure key exchange mechanism for Internet
SNDSS '96 Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96)
Off-the-record communication, or, why not to use PGP
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Journal of the ACM (JACM)
New approaches for deniable authentication
Proceedings of the 12th ACM conference on Computer and communications security
Secure off-the-record messaging
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Efficient and non-malleable proofs of plaintext knowledge and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Toward privacy in public databases
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
The cramer-shoup encryption scheme is plaintext aware in the standard model
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
A non-interactive deniable authentication scheme based on designated verifier proofs
Information Sciences: an International Journal
Composability and On-Line Deniability of Authentication
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Multi-party off-the-record messaging
Proceedings of the 16th ACM conference on Computer and communications security
Relations among notions of plaintext awareness
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Full and partial deniability for authentication schemes
Frontiers of Computer Science in China
PA1 and IND-CCA2 do not guarantee PA2: brief examples
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
An efficient non-interactive deniable authentication scheme based on trapdoor commitment schemes
Computer Communications
Encryption simulatability reconsidered
ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
A robust and plaintext-aware variant of signed elgamal encryption
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
OAKE: a new family of implicitly authenticated diffie-hellman protocols
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Deniability and forward secrecy of one-round authenticated key exchange
The Journal of Supercomputing
| Hi-index | 0.00 |
We extend the definitional work of Dwork,Naor and Sahai from deniable authentication to deniable key-exchange protocols. We then use these definitions to prove the deniability features of SKEME and SIGMA, two natural and efficient protocols which serve as basis for the Internet Key Exchange (IKE)protocol.SKEME is an encryption-based protocol for which we prove full deniability based on the plaintext awareness of the underlying encryption scheme. Interestingly SKEME's deniability is possibly the first "natural" application which essentially requires plaintext awareness (until now this notion has been mainly used as a tool for proving chosen-ciphertext security).SIGMA, on the other hand,uses non-repudiable signatures for authentication and hence cannot be proven to be fully deniable. Yet we are able to prove a weaker, but meaningful, "partial deniability" property: a party may not be able to deny that it was "alive" at some point in time but can fully deny the contents of its communications and the identity of its interlocutors.We remark that the deniability of SKEME and SIGMA holds in a concurrent setting and does not essentially rely on the random oracle model.