5,550 research outputs found

    Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation

    We revisit the notion of deniability in quantum key exchange (QKE), a topic that remains largely unexplored. In the only work on this subject by Donald Beaver, it is argued that QKE is not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and how it extends to other constructions such as QKE obtained from uncloneable encryption. We then adopt the framework for quantum authenticated key exchange, developed by Mosca et al., and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. Next, we apply results from a recent work by Arrazola and Scarani on covert quantum communication to establish a connection between covert QKE and deniability. We propose DC-QKE, a simple deniable covert QKE protocol, and prove its deniability via a reduction to the security of covert QKE. Finally, we consider how entanglement distillation can be used to enable information-theoretically deniable protocols for QKE and tasks beyond key exchange. Comment: 16 pages, published in the proceedings of NordSec 201

    Subverting Deniability

    Deniable public-key encryption (DPKE) is a cryptographic primitive that allows the sender of an encrypted message to later claim that they sent a different message. DPKE's threat model assumes powerful adversaries who can coerce users to reveal plaintexts; it is thus reasonable to consider other advanced capabilities, such as the ability to subvert algorithms in a so-called Algorithm Substitution Attack (ASA). An ASA replaces a trusted algorithm with a subverted version that undermines security from the point of view of the adversary while remaining undetected by users. ASAs have been considered against a number of primitives including digital signatures, symmetric encryption and pseudo-random generators. However, public-key encryption has presented a less fruitful target, as the sender's only secrets are plaintexts and ASA techniques generally do not provide sufficient bandwidth to leak these. In this work, we show that subversion attacks against deniable encryption schemes present an attractive opportunity for an adversary. We note that whilst the notion is widely accepted, there are as yet no practical deniable PKE schemes; we demonstrate the feasibility of ASAs targeting deniable encryption using a representative scheme as a proof of concept. We also provide a formal model and discuss how to mitigate ASAs targeting deniable PKE schemes. Our results strengthen the security model for deniable encryption and highlight the necessity of considering subversion in the design of practical schemes

    Security problems with a chaos-based deniable authentication scheme

    Recently, a new scheme was proposed for deniable authentication. Its main originality lay in applying a chaos-based encryption-hash parallel algorithm and the semi-group property of the Chebyshev chaotic map. Although original and practicable, its insecurity and inefficiency are shown in this paper, thus rendering it inadequate for adoption in e-commerce. Comment: 8 pages, 1 figure, latex forma

    Bilateralism: Negations, Implications and some Observations and Problems about Hypotheses

    This short paper has two loosely connected parts. In the first part, I discuss the difference between classical and intuitionist logic in relation to the different role hypotheses play in each logic. Harmony is normally understood as a relation between two ways of manipulating formulas in systems of natural deduction: their introduction and elimination. I argue, however, that there is at least a third way of manipulating formulas, namely the discharge of assumption, and that the difference between classical and intuitionist logic can be characterised as a difference of the conditions under which discharge is allowed. Harmony, as ordinarily understood, has nothing to say about discharge. This raises the question whether the notion of harmony can be suitably extended. This requires there to be a suitable fourth way of manipulating formulas that discharge can stand in harmony to. The question is whether there is such a notion: what might it be that stands to discharge of formulas as introduction stands to elimination? One that immediately comes to mind is the making of assumptions. I leave it as an open question for further research whether the notion of harmony can be fruitfully extended in the way suggested here. In the second part, I discuss bilateralism, which proposes a wholesale revision of what it is that is assumed and manipulated by rules of inference in deductions: rules apply to speech acts – assertions and denials – rather than propositions. I point out two problems for bilateralism. First, bilateralists cannot, contrary to what they claim to be able to do, draw a distinction between the truth and assertibility of a proposition. Secondly, it is not clear what it means to assume an expression such as '+ A' that is supposed to stand for an assertion. Worse than that, it is plausible that making an assumption is a particular speech act, as argued by Dummett (Frege: Philosophy of Language, p.309ff). Bilateralists accept that speech acts cannot be embedded in other speech acts. But then it is meaningless to assume + A or − A

    Deniable encryption storage for mobile devices

    I will introduce the progress of our work in building deniable storage systems for mobile devices. Generally, we rely on encryption to protect confidentiality of sensitive data. This conventional approach, however, is vulnerable to a coercive attack, in which the attacker may capture the device’s owner and coerce the owner to disclose the decryption key. We mitigate such a coercive attack by leveraging deniable encryption, to deny the existence of sensitive data even though the decryption key is compromised. This is extremely useful when a professional journalist or human rights worker collects criminal evidence using his/her mobile device in a region of oppression or conflict, and can rely on the deniable encryption storage to protect the sensitive data even when he/she is caught by the terrorist. Our results for deniable storage for mobile devices have appeared in prestigious security conferences including ACM CCS ’17, ACSAC ’15 and ISC ’14

    The development of deniable authentication protocol based on the bivariate function hard problem

    A deniable authentication protocol enables a receiver to identify the true source of a given message but not to prove the identity of the sender to a third party. A non-interactive protocol is more efficient than an interactive protocol in terms of communication overhead, and thus several non-interactive deniable authentication protocols have been proposed. So, it is very necessary to design a deniable authentication protocol which is non-interactive, secure and efficient. This paper proposes a deniable authentication protocol based on the bivariate function hard problem (BFHP) cryptographic primitive. An improvement based on the BFHP is suggested since the problem of the BFHP provides the needed security elements plus its fast execution time. At the same time, the proposed protocol has the properties of completeness, deniability, security against forgery attack, security against impersonation attack and security against man-in-the-middle attack, which have also been proved