On Deniable Authentication Against Malicious Verifiers
Date
2025
Publication Type
Conference Paper
ETH Bibliography
yes
Abstract
Deniable authentication allows Alice to authenticate a message to Bob, while retaining deniability towards third parties. In particular, not even Bob can convince a third party that Alice authenticated that message. Clearly, in this setting Bob should not be considered trustworthy. Furthermore, deniable authentication is necessary for deniable key exchange, as explicitly desired by Signal and off-the-record (OTR) messaging. In this work we focus on (publicly verifiable) designated verifier signatures (DVS), which are a widely used primitive to achieve deniable authentication. We propose a definition of deniability against malicious verifiers for DVS. We give a construction that achieves this notion in the random oracle (RO) model. Moreover, we show that our notion is not achievable in the standard model with a concrete attack; thereby giving a non-contrived example of the RO heuristic failing.
All previous protocols that claim to achieve deniable authentication against malicious verifiers (like Signal’s initial handshake protocols X3DH and PQXDH) rely on the Extended Knowledge of Diffie–Hellman (EKDH) assumption. We show that this assumption is broken and that these protocols do not achieve deniability against malicious verifiers.
Publication status
published
Book title
Advances in Cryptology – CRYPTO 2025
Volume
16007
Pages / Article No.
3 - 38
Publisher
Springer
Event
45th Annual International Cryptology Conference (CRYPTO 2025)
Subject
Deniability; Designated verifier signature; Random oracle model; Rogue key attacks
Organisational unit
09693 - Hofheinz, Dennis / Hofheinz, Dennis