MaruTukku
   HOME

TheInfoList



OR:

In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
and
steganography Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the concealed information would not be evident to an unsuspecting person's examination. In computing/ ...
, plausibly deniable encryption describes
encryption In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...
techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the
plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...
data exists. The users may convincingly deny that a given piece of data is encrypted, or that they are able to decrypt a given piece of encrypted data, or that some specific encrypted data exists. Such denials may or may not be genuine. For example, it may be impossible to prove that the data is encrypted without the cooperation of the users. If the data is encrypted, the users genuinely may not be able to decrypt it. Deniable encryption serves to undermine an attacker's confidence either that data is encrypted, or that the person in possession of it can decrypt it and provide the associated plaintext. In their pivotal 1996 paper,
Ran Canetti Ran Canetti () is a professor of Computer Science at Boston University. and the director of the Check Point Institute for Information Security and of the Center for Reliable Information System and Cyber Security. He is also associate editor of the ...
,
Cynthia Dwork Cynthia Dwork (born June 27, 1958) is an American computer scientist renowned for her contributions to cryptography, distributed computing, and algorithmic fairness. She is one of the inventors of differential privacy and proof-of-work. Dwork w ...
,
Moni Naor Moni Naor () is an Israeli computer scientist, currently a professor at the Weizmann Institute of Science. Naor received his Ph.D. in 1989 at the University of California, Berkeley. His advisor was Manuel Blum. He works in various fields of com ...
, and
Rafail Ostrovsky Rafail Ostrovsky is a distinguished professor of computer science and mathematics at University of California, Los Angeles, UCLA and a well-known researcher in algorithms and cryptography. Biography Rafail Ostrovsky received his Ph.D. from Massa ...
introduced the concept of deniable encryption, a cryptographic breakthrough that ensures privacy even under coercion. This concept allows encrypted communication participants to plausibly deny the true content of their messages. Their work lays the foundational principles of deniable encryption, illustrating its critical role in protecting privacy against forced disclosures. This research has become a cornerstone for future advancements in cryptography, emphasizing the importance of deniable encryption in maintaining communication security. The notion of deniable encryption was used by
Julian Assange Julian Paul Assange ( ; Hawkins; born 3 July 1971) is an Australian editor, publisher, and activist who founded WikiLeaks in 2006. He came to international attention in 2010 after WikiLeaks published a series of News leak, leaks from Chels ...
and Ralf Weinmann in the Rubberhose filesystem.


Function

Deniable encryption makes it impossible to prove the origin or existence of the plaintext message without the proper decryption key. This may be done by allowing an encrypted message to be decrypted to different sensible plaintexts, depending on the key used. This allows the sender to have
plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge or responsibility for actions committed by or on behalf of members of their organizational hierarchy. They may ...
if compelled to give up their encryption key.


Scenario

In some jurisdictions, statutes assume that human operators have access to such things as encryption keys, and governments may enact
key disclosure law Key disclosure laws, also known as mandatory key disclosure, is legislation that requires individuals to surrender cryptographic keys to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and ...
s that compel individuals to relinquish keys upon request. Countries such as
France France, officially the French Republic, is a country located primarily in Western Europe. Overseas France, Its overseas regions and territories include French Guiana in South America, Saint Pierre and Miquelon in the Atlantic Ocean#North Atlan ...
and
Australia Australia, officially the Commonwealth of Australia, is a country comprising mainland Australia, the mainland of the Australia (continent), Australian continent, the island of Tasmania and list of islands of Australia, numerous smaller isl ...
give prosecutors wide-ranging power to compel any person to surrender keys to make available any information encountered in the course of an investigation, and failure to comply incurs jail time and/or civil fines. Another example is the
United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Northwestern Europe, off the coast of European mainland, the continental mainland. It comprises England, Scotlan ...
's Regulation of Investigatory Powers Act, which makes it a crime not to surrender encryption keys on demand from a government official authorized by the act. According to the
Home Office The Home Office (HO), also known (especially in official papers and when referred to in Parliament) as the Home Department, is the United Kingdom's interior ministry. It is responsible for public safety and policing, border security, immigr ...
, the burden of proof that an accused person is in possession of a key rests on the prosecution; moreover, the act contains a defense for operators who have lost or forgotten a key, and they are not liable if they are judged to have done what they can to recover a key. Such laws are not universal, however - in the
United States The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...
, though the issue has never reached the
Supreme Court In most legal jurisdictions, a supreme court, also known as a court of last resort, apex court, high (or final) court of appeal, and court of final appeal, is the highest court within the hierarchy of courts. Broadly speaking, the decisions of ...
, lower courts frequently view forced disclosure of
password A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...
s as a form of
self-incrimination In criminal law, self-incrimination is the act of making a statement that exposes oneself to an accusation of criminal liability or prosecution. Self-incrimination can occur either directly or indirectly: directly, by means of interrogation where ...
and an unconstitutional abridgement of the Fifth Amendment. In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
,
rubber-hose cryptanalysis In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists. The users ...
is a
euphemism A euphemism ( ) is when an expression that could offend or imply something unpleasant is replaced with one that is agreeable or inoffensive. Some euphemisms are intended to amuse, while others use bland, inoffensive terms for concepts that the u ...
for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by
coercion Coercion involves compelling a party to act in an involuntary manner through the use of threats, including threats to use force against that party. It involves a set of forceful actions which violate the free will of an individual in order to i ...
or
torture Torture is the deliberate infliction of severe pain or suffering on a person for reasons including corporal punishment, punishment, forced confession, extracting a confession, interrogational torture, interrogation for information, or intimid ...
—such as beating that person with a rubber
hose A hose is a flexible hollow tube or pipe designed to carry fluids from one location to another, often from a faucet or hydrant. Early hoses were made of leather, although modern hoses are typically made of rubber, canvas, and helically wound w ...
, hence the name—in contrast to a mathematical or technical cryptanalytic attack. An early use of the term was on the
sci.crypt There are several newsgroups relevant for discussions about cryptography and related issues. *sci.crypt — an unmoderated forum for discussions on technical aspects of cryptography. * sci.crypt.research — a similar, moderated group, ...
newsgroup, in a message posted 16 October 1990 by
Marcus J. Ranum Marcus J. Ranum (born November 5, 1962, in New York City, New York (state), New York, United States) is a computer and network security researcher. He is credited with a number of innovations in Firewall (computing), firewalls, including buildin ...
, alluding to
corporal punishment A corporal punishment or a physical punishment is a punishment which is intended to cause physical pain to a person. When it is inflicted on Minor (law), minors, especially in home and school settings, its methods may include spanking or Padd ...
:
...the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive).
Such methods are also euphemistically referred to as "wrench attacks," in reference to an
xkcd ''xkcd'' is a serial webcomic created in 2005 by American author Randall Munroe. Sometimes styled ''XKCD'', the comic's tagline describes it as "a webcomic of romance, sarcasm, math, and language". Munroe states on the comic's website that the ...
comic with a similar premise. Deniable encryption allows the sender of an encrypted message to deny sending that message. This requires a trusted third party. A possible scenario works like this: #Bob suspects his wife
Alice Alice may refer to: * Alice (name), most often a feminine given name, but also used as a surname Literature * Alice (''Alice's Adventures in Wonderland''), a character in books by Lewis Carroll * ''Alice'' series, children's and teen books by ...
is engaged in adultery. That being the case, Alice wants to communicate with her secret lover Carl. She creates two keys, one intended to be kept secret, the other intended to be sacrificed. She passes the secret key (or both) to Carl. #Alice constructs an innocuous message M1 for Carl (intended to be revealed to Bob in case of discovery) and an incriminating love letter M2 to Carl. She constructs a cipher-text C out of both messages, M1 and M2, and emails it to Carl. #Carl uses his key to decrypt M2 (and possibly M1, in order to read the fake message, too). #Bob finds out about the email to Carl, becomes suspicious and forces Alice to decrypt the message. #Alice uses the sacrificial key and reveals the innocuous message M1 to Bob. Since it is impossible for Bob to know for sure that there might be other messages contained in C, he might assume that there ''are'' no other messages. Another scenario involves Alice sending the same ciphertext (some secret instructions) to Bob and Carl, to whom she has handed different keys. Bob and Carl are to receive different instructions and must not be able to read each other's instructions. Bob will receive the message first and then forward it to Carl. #Alice constructs the ciphertext out of both messages, M1 and M2, and emails it to Bob. #Bob uses his key to decrypt M1 and isn't able to read M2. #Bob forwards the ciphertext to Carl. #Carl uses his key to decrypt M2 and isn't able to read M1.


Forms of deniable encryption

Normally, ciphertexts decrypt to a single plaintext that is intended to be kept secret. However, one form of deniable encryption allows its users to decrypt the ciphertext to produce a different (innocuous but plausible) plaintext and plausibly claim that it is what they encrypted. The holder of the ciphertext will not be able to differentiate between the true plaintext, and the bogus-claim plaintext. In general, one
ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext ...
cannot be decrypted to all possible
plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...
s unless the key is as large as the
plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...
, so it is not practical in most cases for a ciphertext to reveal no information whatsoever about its plaintext. However, some schemes allow decryption to decoy plaintexts that are close to the original in some metric (such as
edit distance In computational linguistics and computer science, edit distance is a string metric, i.e. a way of quantifying how dissimilar two String (computing), strings (e.g., words) are to one another, that is measured by counting the minimum number of opera ...
). Modern deniable encryption techniques exploit the fact that without the key, it is infeasible to distinguish between ciphertext from
block cipher In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called ''blocks''. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage a ...
s and data generated by a
cryptographically secure pseudorandom number generator A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also referred t ...
(the cipher's
pseudorandom permutation In cryptography, a pseudorandom permutation (PRP) is a function that cannot be distinguished from a random permutation (that is, a permutation selected at random with uniform probability, from the family of all permutations on the function's domai ...
properties). This is used in combination with some
decoy A decoy (derived from the Dutch ''de'' ''kooi'', literally "the cage" or possibly ''eenden kooi'', " duck cage") is usually a person, device, or event which resembles what an individual or a group might be looking for, but it is only meant to ...
data that the user would plausibly want to keep confidential that will be revealed to the attacker, claiming that this is all there is. This is a form of
steganography Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the concealed information would not be evident to an unsuspecting person's examination. In computing/ ...
. If the user does not supply the correct key for the truly secret data, decrypting it will result in apparently random data, indistinguishable from not having stored any particular data there.


Examples


Layers

One example of deniable encryption is a
cryptographic filesystem Filesystem-level encryption, often called file-based encryption, FBE, or file/folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to the full disk encr ...
that employs a concept of abstract "layers", where each layer can be decrypted with a different encryption key. Additionally, special "
chaff Chaff (; ) is dry, scale-like plant material such as the protective seed casings of cereal grains, the scale-like parts of flowers, or finely chopped straw. Chaff cannot be digested by humans, but it may be fed to livestock, ploughed into soil ...
layers" are filled with random data in order to have
plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge or responsibility for actions committed by or on behalf of members of their organizational hierarchy. They may ...
of the existence of real layers and their encryption keys. The user can store decoy files on one or more layers while denying the existence of others, claiming that the rest of space is taken up by chaff layers. Physically, these types of filesystems are typically stored in a single directory consisting of equal-length files with filenames that are either
random In common usage, randomness is the apparent or actual lack of definite pattern or predictability in information. A random sequence of events, symbols or steps often has no order and does not follow an intelligible pattern or combination. ...
ized (in case they belong to chaff layers), or
cryptographic hash A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptographic application: * the probability of a particu ...
es of strings identifying the blocks. The
timestamp A timestamp is a sequence of characters or encoded information identifying when a certain event occurred, usually giving date and time of day, sometimes accurate to a small fraction of a second. Timestamps do not have to be based on some absolu ...
s of these files are always randomized. Examples of this approach include Rubberhose filesystem. Rubberhose (also known by its development codename Marutukku) is a deniable encryption program which encrypts data on a storage device and hides the encrypted data. The existence of the encrypted data can only be verified using the appropriate cryptographic key. It was created by
Julian Assange Julian Paul Assange ( ; Hawkins; born 3 July 1971) is an Australian editor, publisher, and activist who founded WikiLeaks in 2006. He came to international attention in 2010 after WikiLeaks published a series of News leak, leaks from Chels ...
as a tool for human rights workers who needed to protect sensitive data in the field and was initially released in 1997. The name Rubberhose is a joking reference to the
cypherpunks A cypherpunk is one who advocates the widespread use of strong cryptography and privacy-enhancing technologies as a means of effecting social and political change. The cypherpunk movement originated in the late 1980s and gained traction with th ...
term rubber-hose cryptanalysis, in which encryption keys are obtained by means of violence. It was written for
Linux kernel The Linux kernel is a Free and open-source software, free and open source Unix-like kernel (operating system), kernel that is used in many computer systems worldwide. The kernel was created by Linus Torvalds in 1991 and was soon adopted as the k ...
2.2,
NetBSD NetBSD is a free and open-source Unix-like operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was fork (software development), forked. It continues to ...
and
FreeBSD FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...
in 1997–2000 by
Julian Assange Julian Paul Assange ( ; Hawkins; born 3 July 1971) is an Australian editor, publisher, and activist who founded WikiLeaks in 2006. He came to international attention in 2010 after WikiLeaks published a series of News leak, leaks from Chels ...
,
Suelette Dreyfus Suelette Dreyfus is an Australian technology researcher, journalist, and academic. She is a lecturer in the Department of Computing and Information Systems at the University of Melbourne, as well as the principal researcher on the impact of digi ...
, and Ralf Weinmann. The latest version available, still in alpha stage, is v0.8.3.


Container volumes

Another approach used by some conventional
disk encryption software Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media (e.g., a Hard disk drive, hard disk, floppy disk, or USB flash drive, USB device) by using disk encryption. Compared to ac ...
suites is creating a second encrypted
volume Volume is a measure of regions in three-dimensional space. It is often quantified numerically using SI derived units (such as the cubic metre and litre) or by various imperial or US customary units (such as the gallon, quart, cubic inch) ...
within a container volume. The container volume is first formatted by filling it with encrypted random data, and then initializing a filesystem on it. The user then fills some of the filesystem with legitimate, but plausible-looking decoy files that the user would seem to have an incentive to hide. Next, a new encrypted volume (the hidden volume) is allocated within the free space of the container filesystem which will be used for data the user actually wants to hide. Since an adversary cannot differentiate between encrypted data and the random data used to initialize the outer volume, this inner volume is now undetectable. LibreCrypt and
BestCrypt BestCrypt, developed bJetico is a commercial disk encryption app available for Windows, Linux, macOS and Android. BestCrypt comes in two editions: BestCrypt Volume Encryption to encrypt entire disk volumes; BestCrypt Container Encryption to ...
can have many hidden volumes in a container;
TrueCrypt TrueCrypt is a discontinued source-available freeware utility software, utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a Disk partitioning, partition, or encrypt the whole Data storag ...
is limited to one hidden volume.


Other software

*
Cryptee Cryptee is a privacy focused client-side encrypted and cross-platform productivity suite and data storage service. History Cryptee was founded in 2017, by John Ozbay, a cybersecurity researcher, commenter, and activist, to exclusively foc ...
, an
open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
, client-side encrypted,
cross-platform Within computing, cross-platform software (also called multi-platform software, platform-agnostic software, or platform-independent software) is computer software that is designed to work in several Computing platform, computing platforms. Some ...
productivity suite Productivity is the efficiency of production of goods or services expressed by some measure. Measurements of productivity are often expressed as a ratio of an aggregate output to a single input or an aggregate input used in a production proce ...
and
cloud storage service A file-hosting service, also known as cloud-storage service, online file-storage provider, or cyberlocker, is an internet hosting service specifically designed to host user files. These services allow users to upload files that can be accessed o ...
which offers its users the ability to hide (''ghost'') folders and photo albums for
plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge or responsibility for actions committed by or on behalf of members of their organizational hierarchy. They may ...
. * LibreCrypt,
open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
transparent disk encryption for MS Windows and PocketPC PDAs that provides both deniable encryption and
plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge or responsibility for actions committed by or on behalf of members of their organizational hierarchy. They may ...
. Offers an extensive range of encryption options, and doesn't need to be installed before use as long as the user has administrator rights. *
Off-the-Record Messaging Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of Advanced Encryption Standard, AES symmetric-key algorithm with 128 bits key length, the Diffie–Hel ...
, a cryptographic technique providing true deniability for
instant messaging Instant messaging (IM) technology is a type of synchronous computer-mediated communication involving the immediate ( real-time) transmission of messages between two or more parties over the Internet or another computer network. Originally involv ...
. *
OpenPuff OpenPuff Steganography and Watermarking, sometimes abbreviated OpenPuff or Puff, is a free steganography tool for Microsoft Windows created by Cosimo Oliboni and still maintained as independent software. The program is notable for being the first ...
, freeware semi-open-source steganography for MS Windows. *
StegFS StegFS is a free steganographic file system for Linux based on the ext2 filesystem. It is licensed under the GPL. It was principally developed by Andrew D. McDonald and Markus G. Kuhn, who developed versions 1.0.0 to 1.1.4. In 2003, Andreas C ...
, the current successor to the ideas embodied by the Rubberhose and PhoneBookFS filesystems. * Vanish, a research prototype implementation of self-destructing data storage. *
VeraCrypt VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or (in Windows) the entire sto ...
(a successor to a discontinued
TrueCrypt TrueCrypt is a discontinued source-available freeware utility software, utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a Disk partitioning, partition, or encrypt the whole Data storag ...
), an on-the-fly disk encryption software for
Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
,
Mac Mac or MAC may refer to: Common meanings * Mac (computer), a line of personal computers made by Apple Inc. * Mackintosh, a raincoat made of rubberized cloth * Mac, a prefix to surnames derived from Gaelic languages * McIntosh (apple), a Canadi ...
and
Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
providing limited deniable encryption and to some extent (due to limitations on the number of hidden volumes which can be created)
plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge or responsibility for actions committed by or on behalf of members of their organizational hierarchy. They may ...
, without needing to be installed before use as long as the user has full administrator rights.


Detection

The existence of hidden encrypted data may be revealed by flaws in the implementation. It may also be revealed by a so-called
watermarking attack In cryptography, a watermarking attack is an attack on disk encryption methods where the presence of a specially crafted piece of data can be detected by an attacker without knowing the encryption key. Problem description Disk encryption suites g ...
if an inappropriate cipher mode is used. The existence of the data may be revealed by it 'leaking' into non-encrypted disk space where it can be detected by
forensic Forensic science combines principles of law and science to investigate criminal activity. Through crime scene investigations and laboratory analysis, forensic scientists are able to link suspects to evidence. An example is determining the time and ...
tools. Doubts have been raised about the level of plausible deniability in 'hidden volumes' – the contents of the "outer" container filesystem have to be 'frozen' in its initial state to prevent the user from corrupting the hidden volume (this can be detected from the access and modification timestamps), which could raise suspicion. This problem can be eliminated by instructing the system not to protect the hidden volume, although this could result in lost data.


Drawbacks

Possession of deniable encryption tools could lead attackers to continue torturing a user even after the user has revealed all their keys, because the attackers could not know whether the user had revealed their last key or not. However, knowledge of this fact can disincentivize users from revealing any keys to begin with, since they will never be able to prove to the attacker that they have revealed their last key.


Deniable authentication

Some in-transit encrypted messaging suites, such as
Off-the-Record Messaging Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of Advanced Encryption Standard, AES symmetric-key algorithm with 128 bits key length, the Diffie–Hel ...
, offer
deniable authentication In cryptography, deniable authentication refers to message authentication between a set of participants where the participants themselves can be confident in the authenticity of the messages, but it cannot be proved to a third party after the event ...
which gives the participants
plausible deniability Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge or responsibility for actions committed by or on behalf of members of their organizational hierarchy. They may ...
of their conversations. While deniable authentication is not technically "deniable encryption" in that the encryption of the messages is not denied, its deniability refers to the inability of an adversary to prove that the participants had a conversation or said anything in particular. This is achieved by the fact that all information necessary to forge messages is appended to the encrypted messages – if an adversary is able to create digitally authentic messages in a conversation (see hash-based message authentication code (HMAC)), they are also able to
forge A forge is a type of hearth used for heating metals, or the workplace (smithy) where such a hearth is located. The forge is used by the smith to heat a piece of metal to a temperature at which it becomes easier to shape by forging, or to the ...
messages in the conversation. This is used in conjunction with
perfect forward secrecy In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session ke ...
to assure that the compromise of encryption keys of individual messages does not compromise additional conversations or messages.


See also

* * * * * * *


References


Further reading

* * * {{DEFAULTSORT:Deniable Encryption Cryptography