Deniable Encryption

11 years 2 months ago
Deniable Encryption
Consider a situation in which the transmission of encrypted messages is intercepted by an adversary who can later ask the sender to reveal the random choices and also the secret key, if one exists used in generating the ciphertext, thereby exposing the cleartext. An encryption scheme is deniable if the sender can generate `fake random choices' that will make the ciphertext `look like' an encryption of a di erent cleartext, thus keeping the real cleartext private. Analogous requirements can be formulated with respect to attacking the receiver and with respect to attacking both parties. In this paper we introduce deniable encryption and propose constructions of schemes with polynomial deniability. In additionto being interesting by itself, and having several applications, deniable encryption provides a simpli ed and elegant construction of adaptively secure multiparty computation.
Ran Canetti, Cynthia Dwork, Moni Naor, Rafail Ostr
Added 07 Aug 2010
Updated 07 Aug 2010
Type Conference
Year 1997
Authors Ran Canetti, Cynthia Dwork, Moni Naor, Rafail Ostrovsky
Comments (0)