New Approaches for Deniable Authentication

Deniable Authentication protocols allow a Sender to authenticate a message for a Receiver, in a way that the Receiver cannot convince a third party that such authentication (or any authentication) ever took place. We present two new approaches to the problem of deniable authentication. The novelty of our schemes is that they do not require the use of CCA-secure encryption (all previous known solutions did), thus showing a different generic approach to the problem of deniable authentication. This new approach is practically relevant as it leads to more efficient protocols and security reductions. In the process we point out a subtle definitional issue for deniability. In particular we propose the notion of forward deniability, which requires that the authentications remain deniable even if the Sender wants to later prove that she authenticated a message. We show that forward deniability is not implied by the original notion of deniability, by showing some deniable protocols which are not forward deniable. Our new proposals are forward deniable.