Deniability & Anonymity
In a public key scenario, message authentication has been long associated with digital signatures. In this case, however message authentication is connected with another property: non-repudiation. Once a party signs a message, she is bound to it. Everybody can verify that she signed it. This is a very useful prperty when digital signatures are used for contracts or commerce transactions, where conditions must be enforced in case of a dispute.
On the other hand, this feature raises important privacy issues. What if Alice wants to say something very private to Bob, in a way that Bob believes it comes from her, but also in a way that Bob cannot convince a third party that Alice said such a thing? Or even that Alice spoke to Bob at all? Clearly digital signatures do not allow Alice to do this.
The issue of deniability in public key authentication is thus to create authentication mechanisms where the receiver cannot prove to third party that he received an authenticated message from the sender. Deniability thus is an important privacy-enabling feature of cryptographic protocols and as such has many important practical applications.
Deniability is a component of the larger issue of anonymity in network communications. Group members are working on solutions for both deniability and anonymity.
D Catalano, M Di Raimondo, D Fiore, R Gennaro, O Puglisi, Fully Non-interactive Onion Routing with Forward-Secrecy.Applied Cryptography and Network Security, 2011.
D.Catalano, D.Fiore, R.Gennaro. Certificateless onion routing. ACM Conference on Computer and Communications Security 2009, pp.151-160
M.Di Raimondo, R.Gennaro and H.Krawczyk: Deniable authentication and key exchange. ACM Conference on Computer and Communications Security 2006: 400-409
M.Di Raimondo, R.Gennaro and H.Krawczyk. The Security of Off-the-Record Messaging. 2005 ACM Workshop on Privacy in the Electronic Society (WPES'05), pp.81-89.
M.Di Raimondo and R.Gennaro. New Approaches in Deniable Authentication. J. Cryptology 22(4):572-615 (2009). Extended version of the paper that appeared at the 2005 ACM Conference on Computer and Communications Security (CCS'05), pp.112-121.