Offline deniability is the ability to a-posteriori deny having participated in a particular communication session. This property has been widely assumed for the Signal messaging application, yet no formal proof has appeared in the literature. In this paper, we present what we believe is the first formal study of the offline deniability of the Signal protocol. Our analysis shows that building a deniability proof for Signal is non-trivial and requires strong assumptions on the underlying mathematical groups where the protocol is run. To do so, we study various *implicitly authenticated* key exchange protocols including MQV, HMQV and 3DH/X3DH, the latter being the core key agreement protocol in Signal. We first present examples of mathematica...
[[abstract]]In a deniable authentication protocol, a receiver is convinced that a received message i...
When designing a security protocol, every choice can have far-reaching repercussions. It is therefor...
[[abstract]]A deniable authentication protocol is used to identify the source of a received message ...
Offline deniability is the ability to a posteriori deny having participated in a particular communic...
Deniable message authentication has drawn significant attention since it was first formalized by Dwo...
Deniable messaging protocols allow two parties to have \u27off-the-record\u27 conversations without ...
Deniable Authentication protocols allow a Sender to authenticate a message for a Receiver, in a way ...
Modern secure messaging protocols typically aim to provide deniability. Achieving this requires that...
Deniable Authentication is a highly desirable property for secure messaging protocols: it allows a s...
Abstract. Deniable authentication is a technique that allows one party to send messages to another w...
This poster describes ongoing work on deniability in quantum cryptography, an area of research that ...
We revisit the notion of deniability in quantum key exchange (QKE), a topic that remains largely une...
Abstract. In the problem of anonymous authentication (Boneh et al. CCS 1999), a sender wishes to aut...
In this work, we explore the notion of deniability in public-key authenticated quantum key exchange ...
We present some foundational ideas related to deniable encryption, message authentication, and key e...
[[abstract]]In a deniable authentication protocol, a receiver is convinced that a received message i...
When designing a security protocol, every choice can have far-reaching repercussions. It is therefor...
[[abstract]]A deniable authentication protocol is used to identify the source of a received message ...
Offline deniability is the ability to a posteriori deny having participated in a particular communic...
Deniable message authentication has drawn significant attention since it was first formalized by Dwo...
Deniable messaging protocols allow two parties to have \u27off-the-record\u27 conversations without ...
Deniable Authentication protocols allow a Sender to authenticate a message for a Receiver, in a way ...
Modern secure messaging protocols typically aim to provide deniability. Achieving this requires that...
Deniable Authentication is a highly desirable property for secure messaging protocols: it allows a s...
Abstract. Deniable authentication is a technique that allows one party to send messages to another w...
This poster describes ongoing work on deniability in quantum cryptography, an area of research that ...
We revisit the notion of deniability in quantum key exchange (QKE), a topic that remains largely une...
Abstract. In the problem of anonymous authentication (Boneh et al. CCS 1999), a sender wishes to aut...
In this work, we explore the notion of deniability in public-key authenticated quantum key exchange ...
We present some foundational ideas related to deniable encryption, message authentication, and key e...
[[abstract]]In a deniable authentication protocol, a receiver is convinced that a received message i...
When designing a security protocol, every choice can have far-reaching repercussions. It is therefor...
[[abstract]]A deniable authentication protocol is used to identify the source of a received message ...