The Design And Implementation Of Deniable Authenticated Encryption

Deniable authentication protocol is an important branch of public key cryptography. In deniable authentication protocol, a sender is allowed to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, even if cooperating with a third party fully, the receiver has no ability to convince the third party of the fact that the message was sent by a specific sender either. These properties make deniable authentication very suitable for some special application scenarios such as electronic voting, electronic bidding and internet negotiations. However, most of the presented protocols didn’t achieve confidentiality and transmitted message in an unencrypted form which can not meet the requirement of security in real life. Few deniable authentication protocols achieve the property of confidentiality but there were no formal proofs to support the security.To settle these problems, we combined public key encryption and deniable authentication to design a new kind of encryption with properties of deniability, authentication and confidentiality within one logical step simultaneously. For efficiency, this new kind of encryption has a lower computation cost than performing encryption and deniable authentication separately and the new kind of encryption was named deniable authenticated encryption in this thesis. What’s more, we present a PKI-based deniable authenticated encryption scheme and an identity-based deniable authenticated encryption scheme using pairings. Besides, we give the security model and formal proof of the presented PKI-based deniable authenticated encryption scheme in random oracle model under CDH assumption and BDH assumption, while the formal proof of the identity-based scheme is presented under BDH assumption in random oracle model. Furthermore, we implemented the two schemes using PBC library and obtained precise computation cost. From the result of the implementations, we know that the two presented schemes in this thesis have a higher efficiency.Generally speaking, the two schemes in this thesis not only have a lower computation cost but also achieve the property of deniability, authentication and confidentiality within one logical step simultaneously which simplify the design of cryptographic protocols.