Abstract

An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. AE can be divided into symmetric AE and asymmetric (public key) AE. In a symmetric AE scheme, deniability is gained automatically. However, a public key AE scheme cannot gain deniability automatically; on the contrary, it provides non-repudiation. In this paper, we address the question of deniability in public key AE. Of course, we can achieve this goal with the authentication followed by encryption method. However, this method has two weaknesses: (1) the computational cost and communication overhead are the sum of two cryptographic primitives; (2) it is complex to design cryptographic protocols with deniable authentication and confidentiality using two cryptographic primitives. To overcome these two weaknesses, we propose a new concept called deniable authenticated encryption (DAE) that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the authentication followed by encryption method. This single cryptographic primitive can simplify the design of cryptographic protocols with deniable authentication and confidentiality. In particular, we construct an identity-based deniable authenticated encryption (IBDAE) scheme. Our construction uses tag-key encapsulation mechanism (KEM) and data encapsulation mechanism (DEM) hybrid techniques, which are more practical for real applications. We show how to construct an IBDAE scheme using an identity-based deniable authenticated tag-KEM (IBDATK) and a DEM. We also propose an IBDATK scheme and prove its security in the random oracle model. For a typical security level, our scheme is at least 50.7 and 22.7 % faster than two straightforward authentication followed by encryption schemes, respectively. The communication overhead is reduced by at least 21.3 and 31.1 %, respectively. An application of IBDAE to an e-mail system is described.

Highlights

  • An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity

  • We propose a new concept called deniable authenticated encryption (DAE) that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the “deniable authentication followed by encryption” method

  • We show how to construct an identity-based deniable authenticated encryption (IBDAE) scheme using an identity-based deniable authenticated tag-key encapsulation mechanism (KEM) (IBDATK) and a data encapsulation mechanism (DEM)


Summary

Introduction

An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. A symmetric AE scheme uses a keyed hash (i.e., a MAC) with some appropriate key K1, along with a secure encryption scheme with an independent key K2, to achieve AE. In this model, the sender and the receiver need to agree on K1 and K2 in advance. The authenticity of symmetric AE is deniable authentication, since both the sender and the receiver can generate the same ciphertext. A public key AE does not automatically achieve deniable authentication, since only the sender can generate a valid ciphertext. The symmetric AE is deniable and the public key AE is not deniable.
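The deniability argument above can be checked directly. The following is an added example, not code from the paper: it builds a symmetric AE from a MAC under K1 and encryption under K2, then shows that the receiver can produce the sender's exact transcript as well as a valid one the sender never wrote. The names `seal`, `open_` and `_keystream` are hypothetical, and the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for the "secure encryption scheme"; the nonce is assumed to be a fixed 16 bytes.

```python
import hashlib
import hmac
import secrets

def _keystream(k2: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 used as a PRF in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(k2, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(k1: bytes, k2: bytes, nonce: bytes, msg: bytes):
    """Encrypt under K2, then MAC (nonce || ciphertext) under K1."""
    ct = bytes(m ^ s for m, s in zip(msg, _keystream(k2, nonce, len(msg))))
    tag = hmac.new(k1, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_(k1: bytes, k2: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; raise on a bad tag."""
    expected = hmac.new(k1, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k2, nonce, len(ct))))

def demo() -> dict:
    # K1 and K2 are agreed between sender and receiver in advance.
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    msg = b"constructed sample message"
    from_sender = seal(k1, k2, nonce, msg)
    # The receiver holds the same K1 and K2, so it can rebuild the
    # byte-identical transcript ...
    by_receiver = seal(k1, k2, nonce, msg)
    # ... and a valid transcript for a message the sender never wrote.
    never_sent = b"never written by the sender"
    fabricated = seal(k1, k2, secrets.token_bytes(16), never_sent)
    return {
        "identical": from_sender == by_receiver,
        "real_verifies": open_(k1, k2, *from_sender) == msg,
        "fabricated_verifies": open_(k1, k2, *fabricated) == never_sent,
    }

if __name__ == "__main__":
    print(demo())
```

Because every valid transcript could have come from either key holder, it proves nothing to a third party; a public key signature breaks this symmetry, which is why public key AE gives non-repudiation instead.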

Motivation and contribution
Related work
Syntax
Security notions
A hybrid IBDAE scheme
Bilinear pairings
Our scheme
Consistency
Security
Li et al Formal security
Application
Conclusions