Deniable encryption

Ran Canetti, Cynthia Dwork, Moni Naor, Rafall Ostrovsky

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Consider a situation in which the transmission of encrypted messages is intercepted by an adversary who can later ask the sender to reveal the random choices (and also the secret key, if one exists) used in generating the ciphertext, thereby exposing the cleartext. An encryption scheme is deniable if the sender can generate 'fake random choices' that will make the ciphertext 'look like' an enczyption of a di~erent cleartext, thus keeping the real cleartext private. Analogous requirements can be formulated with respect to attacking the receiver and with respect to attacking both parties. In this paper we introduce deniable encryption and propose constructions of schemes with polynomial deniability. In addition to being interesting by itself, and having several applications, deniable encryption provides a simplified and elegant construction of adaptirely secure multiparty computation.

Original languageEnglish
Title of host publicationAdvances in Cryptology — CRYPTO 1997 - 17th Annual International Cryptology Conference, Proceedings
EditorsB.S. Kaliski
PublisherSpringer Verlag
Number of pages15
ISBN (Print)3540633847, 9783540633846
StatePublished - 1997
Externally publishedYes
Event17th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 1997 - Santa Barbara, United States
Duration: 17 Aug 199721 Aug 1997

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference17th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 1997
Country/TerritoryUnited States
CitySanta Barbara


Dive into the research topics of 'Deniable encryption'. Together they form a unique fingerprint.

Cite this