Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [deniable-encryption]

Deniable encryption is a type of cryptography that allows an encrypted text to be decrypted in two or more ways, depending on which decryption key is used.

Deniable encryption is a type of cryptography that allows an encrypted text to be decrypted in two or more ways, depending on which decryption key is used. Normally ciphertexts decrypt to a single plaintext and hence once decrypted, the encryption user cannot claim that he encrypted a different message. Deniable encryption allows its users to decrypt the ciphertext to produce a different (innocuous but plausible) plaintext and insist that it is what they encrypted. The holder of the ciphertext will not have the means to differentiate between the true plaintext, and the bogus plaintext.

32 questions
19
votes
1 answer

How to communicate by email with forward secrecy and deniability?

My correspondents and I would like to communicate privately by email. We used to employ PGP but that might have been shooting ourselves in the foot. PGP doesn't have forward secrecy. If any of our private keys are ever compromised (by law, hacking,…
Colonel Panic
  • 313
  • 2
  • 12
8
votes
1 answer

Anonymous trust/reputation system

Suppose there are 3 persons, Alice, Bob and Peter. They are identified by their pseudonyms (public RSA keys). Alice has a key Alice, Bob has Bob-Work and Bob-Friends. Peter has Peter. Peter knows Alice. Alice expresses trust to Bob-Work. Peter knows…
wizzard0
  • 183
  • 5
7
votes
3 answers

Is LUKS Anti-Forensic information splitter (AFsplit) indistinguishable from random data?

I want to know if AFsplit(random_data_input, stripes, digestmod=sha) output is indistinguishable from random data. The attacker only has access to AFsplit output data. EDIT: This question is too vague as the answer depends on the randomness…
KrisWebDev
  • 167
  • 2
  • 7
7
votes
1 answer

Non-deniability of data sent over TLS

Andy is going to connect to a server Selma over TLS. Later, Andy would like to be able to publish everything (the ciphertexts, the plaintexts, all his keys) and prove to a mediator what data he sent to Selma over TLS; or prove what data Selma sent…
D.W.
  • 36,982
  • 13
  • 107
  • 196
7
votes
2 answers

Implement deniable encryption with AES/RSA

I'm on a crypto app using OpenSSL (I'm more an implementer/cryptographer than a cryptologist), mainly as a hobby, for now. My app will be able to encrypt a file (not a container) with symmetric or asymmetric or both encryption (sym then asym), and I…
Max13
  • 237
  • 2
  • 9
7
votes
2 answers

Deniable Encryption from simple primitives

Is there a deniable encryption scheme $M = E(p_1,k_1,p_2,k_2,...,p_n,k_n), p_j = D(M,k_j)$ of $n$ plaintexts $p_1,p_2,...,p_n$ and $n$ keys $k_1,k_2,...,k_n$, such that we can fix $D$ to be a known algorithm such as AES (without preprossessing $M$)…
Jason Knight
  • 73
  • 4
6
votes
2 answers

Ciphers providing Deniable encryption?

I stumbled on the concept of Deniable encryption on Wikipedia, with the following scenario: Deniable encryption allows the sender of an encrypted message to deny sending that message. This requires a trusted third party. A possible scenario…
J. Avod
  • 61
  • 2
6
votes
4 answers

Encryption algorithm that produces dummy output on incorrect passwords

Background: I've been thinking about using encryption in the context of backing up files to untrusted locations (to the point of making the file publicly and widely distributed for practically failsafe backup). The problem is, once a file is…
Jack Singleton
  • 173
  • 5
5
votes
2 answers

Perfect Deniability of a MAC

Overview One feature that is often underlooked of the One-Time Pad is its perfect deniability. i.e. If Alice sends a message to Bob that is seen by Eve then if Eve later goes to Alice with the ciphertext and tries to force Alice to disclose her key…
edggy
  • 453
  • 2
  • 10
5
votes
4 answers

A specific way for deniable encryption

I read the summary of deniable encryption on wikipedia: https://en.wikipedia.org/wiki/Deniable_encryption Then I read a question, by doom123 on security.SE: https://security.stackexchange.com/questions/34684/truly-deniable-encryption But I had a…
Shashank Sawant
  • 151
  • 1
  • 5
4
votes
2 answers

Making a cipher non-malleable using a plaintext transform?

NOTE: By malleable/non-malleable, I mean the ability/or not to change a byte/block of the ciphertext and have it change only that byte/block of the plaintext. I understand that we use authentication (via HMAC/UMAC/etc.) to verify integrity. However,…
Modal Nest
  • 1,473
  • 5
  • 18
4
votes
2 answers

Symmetric Encryption in the P=NP world

I expected to find answers along the lines of quantum-computing insight into attacking AES; however, answers on this question aren't applicable because "Quantum computers give a quadratic speedup on a (sic) general search problems". Let us suppose…
Joshua
  • 461
  • 4
  • 16
4
votes
2 answers

Untraceable communication protocol

I am doing a research about secure communication protocols. I would be interested to know whether a protocol exists such that it grants that the two end-points taking part to the communication cannot be traced (i.e. They can deny the communication…
eddy ed
  • 211
  • 1
  • 4
4
votes
0 answers

Security of stream cipher based on Matrix multiplication GF(256) with randomized padding

The actual question is stated at the end of the text. Suppose you have a (grossly inefficient) confidentiality stream cipher with the following components: The keyed function $F_k:\{0,1\}^{8n}\mapsto\{0,1\}^{16n}$ based on vectors with randomized…
Henrick Hellström
  • 10,556
  • 1
  • 32
  • 59
4
votes
2 answers

Is there an encryption/decryption algorithm that can give two different outputs?

The recent revelations that airport staff can detain travellers in an interrogation room and force them to give over passwords to encrypted-HDD laptops under threat of jail time has made me think about some sort of dual password…
Ashley Schroder
  • 143
  • 1
  • 3
1
2 3