Questions tagged [plausible-deniability]

Plausible deniability may refer (1) to deniable encryption schemes allowing the decryption of a ciphertext for a message $m$ to some distinct message $m'$ or (2) to a feature provided by deniable file systems.

Plausible deniability achieved by means of deniable encryption means that if a person who has encrypted some message $m$ to a ciphertext $c$ is forced (by an attacker) to provide the key, this person can provide a fake key (or random choices) that decrypts the ciphertext to a different message $m'$. If the attacker finds it convincing that the ciphertext is an encryption of $m'$, the encryption scheme is called deniable and plausible deniability is achieved.

Plausible deniability also refers to a feature provided by deniable file systems, meaning that one can plausibly deny the existence of files. This is typically achieved by means of deniable encryption.

18 questions
5 votes, 2 answers

Plausibly deniable authentication for agents on multiple teams

Here's a problem that I've been thinking about: An individual, Alice, wishes to authenticate herself. She may wish to authenticate to Bob (who is on the blue team) that they are both on the blue team. She may wish to authenticate to Charlie (who is…
Stack Tracer
5 votes, 2 answers

Plaintext DH keys in the message header in the Double Ratchet Algorithm

I've been reading details about the Double Ratchet algorithm, and I wanted some clarification regarding the aspect of the DH public keys going out in the plain in the header of every message. Quoting from the specifications of the Double…
5 votes, 0 answers

Why reveal MAC keys after using them?

As far as my understanding goes, MACs are used to determine whether the received message comes from a source with access to a MAC-key, which both parties know. Some crypto protocols reveal their used MAC keys after using them for message-exchange…
Spyro
5 votes, 4 answers

A specific way for deniable encryption

I read the summary of deniable encryption on wikipedia: https://en.wikipedia.org/wiki/Deniable_encryption Then I read a question, by doom123 on security.SE: https://security.stackexchange.com/questions/34684/truly-deniable-encryption But I had a…
4 votes, 4 answers

Deniability properties of the X3DH Key Agreement Protocol

Signal's X3DH Key Agreement Protocol specification states in section 4.5.: Alternatively, it might be tempting to replace the DH-based mutual authentication (i.e. DH1 and DH2) with signatures from the identity keys. However, this reduces…
2 votes, 2 answers

Does libsodium sealed box leak key ids?

I am using python and libnacl, which is a libsodium wrapper, to develop an application where users can deposit encrypted data. Alice uses libnacl.sealed.SealedBox(keyBob) to encrypt her message and uploads it to a database for Bob to download it.…
2 votes, 1 answer

What exactly is "Plausible Deniability in Internet Protocols"?

I am trying to understand the meaning of "Plausible Deniability Feature of Internet Protocols". To be specific, I am not able to understand what "Plausible Deniability" exactly means. Could someone explain what these terms mean and give some…
3h3j0k3r
2 votes, 1 answer

Plausible Deniability in Schnorr

How does a dishonest verifier affect plausible deniability of the interactive Schnorr protocol?
2 votes, 1 answer

How to deniably send a value

Alice has a single bit of information, b, that she wants to send to Bob (over an unalterable but possibly-monitored channel) but in such a way that without the cooperation of Bob she cannot prove to anyone else (Eve) besides Bob after-the-fact that…
TLW
2 votes, 1 answer

Decryption honeypots

When performing a key search, I've always wondered how you reliably detect a successful decryption once you hit the right key. I assume that you have to analyze the data and look for patterns: words, letter frequency, known file headers, statistical…
1 vote, 0 answers

Could you design something like a ring signature that uses website accounts instead of keys?

Ring signatures allow one to prove that you own a private key corresponding to a public key from a set of keys, without revealing which private key you control. This is useful if you are part of some group of people, and want to publish a message…
1 vote, 1 answer

Perfect Deniability of a MAC Protocol

I proposed an idea of Perfect Deniability of a MAC I tried to come up with a protocol that satisfies those security requirements as well as the normal security requirements of a MAC One-Time MAC Alice and Bob pre-share a $n^2$ OTP bits, $k$ (bits…
edggy
1 vote, 1 answer

Algorithm accepting every passphrase to fool unlegit user

I'm looking for specific names and literature on crypto algorithms that accept every passphrase input by the user, in order to 'decrypt' - even with false passphrase - and present the unlegit user with a false plaintext. The unlegit user should not…
1 vote, 2 answers

Many-out-of-many proofs

I need to prove that given vector of commitments of length N contains N-1 commitments to zero (and one to an arbitrary number). More formally, given vector: $$\textbf{a} = \begin{bmatrix} C(0, r_1) & C(0, r_2) & C(x, r_3) & ... & C(0, r_N) …
1 vote, 1 answer

How does the plausible deniability used by TrueCrypt work mathematically?

I have been unable to find any mathematical explanations on how TrueCrypt's plausible deniability encryption works, when using TC containers. Would someone be able to provide a mathematical walkthrough of how it works? Other encryption systems…