Definition
Deniable encryption produces ciphertexts that are not a commitment.
Theory
Suppose Alice sends a message to Bob in an informal chat conversation. If a typical encryption scheme as the ElGamal public key encryption scheme or AES is used, an authority can ask Alice to reveal what she sent Bob. Indeed, in the case of ElGamal, when Alice did sent \(({C}_{1},{C}_{2}) = ({g}^{r},m{y}^{r})\) and is forced to reveal her randomness r used, anybody can obtain m. So, one can view the ciphertext as some commitment to the message. In the case of AES, when Alice is forced to reveal the key she shares with Bob, the authority again can obtain the message. (Using zero-knowledge, Alice is not required to reveal the key.)
The goal of deniable encryption [1] is that Alice can send a private message to Bob, without having the ciphertext result in a commitment. This can be viewed as allowing her to deny having sent a particular message. A scheme satisfying this condition is called a sender-deniable...
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Canetti R, Dwork C, Naor M, Ostrovsky R (1997) Deniable encryption. In: Kaliski BS (ed) Advances in cryptology Crypto ’97, Proceedings, Lecture notes in computer science, vol 1294, Springer-Verlag, Santa Barbara, California, 17–21 August, pp 90–104
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Desmedt, Y. (2011). Deniable Encryption. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_316
Download citation
DOI: https://doi.org/10.1007/978-1-4419-5906-5_316
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer ScienceReference Module Computer Science and Engineering