Reliable, Deniable, and Hidable Communication over Multipath Networks

We consider the scenario wherein Alice wants to (potentially) communicate to the intended receiver Bob over a network consisting of multiple parallel links in the presence of a passive eavesdropper Willie, who observes an unknown subset of links. A primary goal of our communication protocol is to make the communication "deniable", {\it i.e.}, Willie should not be able to {\it reliably} estimate whether or not Alice is transmitting any {\it covert} information to Bob. Moreover, if Alice is indeed actively communicating, her covert messages should be information-theoretically "hidable" in the sense that Willie's observations should not {\it leak any information} about Alice's (potential) message to Bob -- our notion of hidability is slightly stronger than the notion of information-theoretic strong secrecy well-studied in the literature, and may be of independent interest. It can be shown that deniability does not imply either hidability or (weak or strong) information-theoretic secrecy; nor does any form of information-theoretic secrecy imply deniability. We present matching inner and outer bounds on the capacity for deniable and hidable communication over {\it multipath networks}.Comment: 26 pages, 4 figures; Extended version of the paper submitted for ISIT 201

Lattice-Based Group Signatures: Achieving Full Dynamicity (and Deniability) with Ease

In this work, we provide the first lattice-based group signature that offers full dynamicity (i.e., users have the flexibility in joining and leaving the group), and thus, resolve a prominent open problem posed by previous works. Moreover, we achieve this non-trivial feat in a relatively simple manner. Starting with Libert et al.'s fully static construction (Eurocrypt 2016) - which is arguably the most efficient lattice-based group signature to date, we introduce simple-but-insightful tweaks that allow to upgrade it directly into the fully dynamic setting. More startlingly, our scheme even produces slightly shorter signatures than the former, thanks to an adaptation of a technique proposed by Ling et al. (PKC 2013), allowing to prove inequalities in zero-knowledge. Our design approach consists of upgrading Libert et al.'s static construction (EUROCRYPT 2016) - which is arguably the most efficient lattice-based group signature to date - into the fully dynamic setting. Somewhat surprisingly, our scheme produces slightly shorter signatures than the former, thanks to a new technique for proving inequality in zero-knowledge without relying on any inequality check. The scheme satisfies the strong security requirements of Bootle et al.'s model (ACNS 2016), under the Short Integer Solution (SIS) and the Learning With Errors (LWE) assumptions. Furthermore, we demonstrate how to equip the obtained group signature scheme with the deniability functionality in a simple way. This attractive functionality, put forward by Ishida et al. (CANS 2016), enables the tracing authority to provide an evidence that a given user is not the owner of a signature in question. In the process, we design a zero-knowledge protocol for proving that a given LWE ciphertext does not decrypt to a particular message

Testimony, recovery and plausible deniability: A response to Peet

According to telling based views of testimony (TBVs), B has reason to believe that p when A tells B that p because A thereby takes public responsibility for B's subsequent belief that p. Andrew Peet presents a new argument against TBVs. He argues that insofar as A uses context-sensitive expressions to express p, A doesn't take public responsibility for B's belief that p. Since context-sensitivity is widespread, the kind of reason TBVs say we have to believe what we're told, is not widespread. Peet doesn't identify any problem with his own argument though he does attempt to limit its sceptical potential by identifying special contexts in which TBVs stand a chance of success. A more general defence of TBVs can be provided by showing Peet's argument to be unsound. I argue that Peet's argument is unsound because it requires us to wrongly suppose that speakers do far less labour than their audiences in context-sensitive linguistic communication. I aim to show why—in the context of the epistemology of testimony and the philosophy of language—it's important to recognize the labour that speakers can do, and so can can be held responsible for not doing, in episodes of context-sensitive linguistic communication