Deniable Ring Authentication

 Moni Naor


Digital Signatures enable authenticating messages in a way that disallows repudiation. While non-repudiation is essential in some applications, it might be undesirable in others. Two related notions of authentication are: Deniable Authentication (Dwork, Naor and Sahai STOC'98, see link ) and Ring Signatures (Rivest, Shamir and Tauman ASIACRYPT'2001). In this work we show how to combine these notions and achieve Deniable Ring Authentication: it is possible to convince a verifier that a member of an ad hoc subset of participants (a ring) is authenticating a message m without revealing which one (source hiding), and the verifier V cannot convince a third party that message m was indeed authenticated -- there is no `paper trail' of the conversation, other than what could be produced by V alone, as in zero-knowledge.

We provide an efficient protocol for deniable ring authentication based on any strong encryption scheme. That is once an entity has published a public-key of such a system it can be drafted to any such ring. There is no need for any other cryptographic primitive. The scheme can be extended to yield threshold authentication as well.

Postscript , gzipped Postscript , PDF . Also see Open Day 2005 talk: Cryptography and Complexity at the Weizmann Institute , Slides: ppt

Related On-Line Papers:

Back to On-line papers:  All on-line papers By topicRecent Papers

Back Home