Abstract:An authenticated encryption (AE) scheme simultaneously achieves two security goals: confidentiality and authenticity. AE can be divided into symmetric AE and asymmetrical (public key) AE. In a symmetric AE scheme, deniability is gained automatically. However, a public key AE scheme can not gain deniability automatically; on the contrary, it provides non-repudiation. In this paper, we address a question on deniability of public key AE. Of course, we can achieve this goal by “deniable authentication followed by encryption” method. However, such method has the following two weaknesses: (1) the computational cost and communication overhead are the sum of two cryptographic primitives; (2) it is complex to design cryptographic protocols with deniable authentication and confidentiality using two cryptographic primitives. To overcome the two weaknesses, we propose a new concept called deniable authenticated encryption (DAE) that can achieve both the functions of deniable authentication and public key encryption simultaneously, at a cost significantly lower than that required by the “deniable authentication followed by encryption” method. This single cryptographic primitive can simplify the design of cryptographic protocols with deniable authentication and confidentiality. In particular, we construct an identity-based deniable authenticated encryption (IBDAE) scheme. Our construction uses tag-key encapsulation mechanism (KEM) and data encapsulation mechanism (DEM) hybrid techniques, which is more practical for true applications. We show how to construct an IBDAE scheme using an identity-based deniable authenticated tag-KEM (IBDATK) and a DEM. We also propose an IBDATK scheme and prove its security in the random oracle model. For typical security level, our scheme is at least 50.7 and 22.7 % faster than two straightforward “deniable authentication followed by encryption” schemes, respectively. The communication overhead is respectively reduced at least 21.3 and 31.1 %. An application of IBDAE to an e-mail system is described.

Identity-based Deniable Authenticated Encryption and Its Application to E-Mail System

Efficient Deniably Authenticated Encryption and Its Application to E-Mail.

An Efficient Identity-Based Deniable Authenticated Encryption Scheme.

Certificateless Deniably Authenticated Encryption and Its Application to E-Voting System.

Designated-server Identity-Based Authenticated Encryption with Keyword Search for Encrypted Emails

Efficient public-key authenticated deniable encryption schemes

An Efficient Delegation-Based Anonymous Authentication Protocol

An Identity-Based Restricted Deniable Authentication Protocol

A Simple Protocol for Deniable Authentication Based on ElGamal Cryptography

Identity-based deniable authentication for ad hoc networks

DENIABLE AUTHENTICATION SCHEME FOR SECRET COMMUNICATION

A Novel Certificateless Deniable Authentication Protocol

An Efficient Certificateless Deniable Authentication Protocol Without Pairings

Designated-tester Identity-Based Authenticated Encryption with Keyword Search with applications in cloud systems

Fully Secure Anonymous Identity-Based Encryption under Simple Assumptions

SM9 Identity-Based Encryption with Designated-Position Fuzzy Equality Test

Heterogeneous deniable authenticated encryption for location-based services

Deniable Authentication Protocol Based on Public Key Algorithm

Deniable Authentication Protocol Based on Deffie-Hellman Algorithm

An Authorized Equality Test on Identity‐based Cryptosystem for Mobile Social Networking Applications

Practical Deniable Authentication for Pervasive Computing Environments.