TY - GEN
T1 - Fully deniable interactive encryption
AU - Canetti, Ran
AU - Park, Sunoo
AU - Poburinnaya, Oxana
N1 - Funding Information:
RC is a member of the Check Point Institute for Information Security. Supported by the NSF MACS project. SP’s research is supported by the MIT Media Lab’s Digital Currency Initiative and its funders, and earlier, was supported by the following grants: NSF MACS (CNS-1413920), DARPA IBM (W911NF-15-C-0236), Simons Investigator award agreement dated June 5th, 2012, and the Center for Science of Information (CSoI), an NSF Science & Technology Center, under grant agreement CCF-0939370.
Publisher Copyright:
© International Association for Cryptologic Research 2020.
PY - 2020
Y1 - 2020
N2 - Deniable encryption (Canetti et al., Crypto 1996) enhances secret communication over public channels, providing the additional guarantee that the secrecy of communication is protected even if the parties are later coerced (or willingly bribed) to expose their entire internal states: plaintexts, keys and randomness. To date, constructions of deniable encryption—and more generally, interactive deniable communication—only address restricted cases where only one party is compromised (Sahai and Waters, STOC 2014). The main question—whether deniable communication is at all possible if both parties are coerced at once—has remained open. We resolve this question in the affirmative, presenting a communication protocol that is fully deniable under coercion of both parties. Our scheme has three rounds, assumes subexponentially secure indistinguishability obfuscation and one-way functions, and uses a short global reference string that is generated once at system set-up and suffices for an unbounded number of encryptions and decryptions. Of independent interest, we introduce a new notion called off-the-record deniability, which protects parties even when their claimed internal states are inconsistent (a case not covered by prior definitions). Our scheme satisfies both standard deniability and off-the-record deniability.
UR - http://www.scopus.com/inward/record.url?scp=85089716911&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85089716911&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-56784-2_27
DO - 10.1007/978-3-030-56784-2_27
M3 - Conference contribution
AN - SCOPUS:85089716911
SN - 9783030567835
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 807
EP - 835
BT - Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings
A2 - Micciancio, Daniele
A2 - Ristenpart, Thomas
PB - Springer
T2 - 40th Annual International Cryptology Conference, CRYPTO 2020
Y2 - 17 August 2020 through 21 August 2020
ER -