TY - JOUR
T1 - Efficient Deniably Authenticated Encryption and Its Application to E-Mail
AU - Li, Fagen
AU - Zhong, Di
AU - Takagi, Tsuyoshi
N1 - Funding Information:
This work was supported in part by the Fundamental Research Funds for the Central Universities under Grant ZYGX2013J069 and in part by the National Natural Science Foundation of China under Grant 61073176, Grant 61272525, Grant 61302161, and Grant 61462048.
Publisher Copyright:
© 2016 IEEE.
PY - 2016/11
Y1 - 2016/11
N2 - Confidentiality and authentication are two main security goals in secure electronic mail (e-mail). Pretty good privacy (PGP) and secure/multipurpose internet mail extensions (S/MIME) are two famous secure e-mail solutions. Both PGP and S/MIME use digital envelope to provide message confidentiality and digital signature to provide message authentication. However, these methods have the following two weaknesses: 1) digital signature provides non-repudiation evidence of sender that is not desired in some e-mail applications and 2) efficiency is low, since these methods use two kinds of public key cryptographic primitives: public key encryption and digital signature. To overcome the above two weaknesses, we introduce a new concept called deniably authenticated encryption that can achieve confidentiality, integrity, and deniable authentication in a logical single step. We first propose a deniably authenticated encryption scheme and prove its security in the random oracle model. Then, we design a secure e-mail protocol using the proposed deniably authenticated encryption scheme. The deniable authentication property protects senders' privacy.
AB - Confidentiality and authentication are two main security goals in secure electronic mail (e-mail). Pretty good privacy (PGP) and secure/multipurpose internet mail extensions (S/MIME) are two famous secure e-mail solutions. Both PGP and S/MIME use digital envelope to provide message confidentiality and digital signature to provide message authentication. However, these methods have the following two weaknesses: 1) digital signature provides non-repudiation evidence of sender that is not desired in some e-mail applications and 2) efficiency is low, since these methods use two kinds of public key cryptographic primitives: public key encryption and digital signature. To overcome the above two weaknesses, we introduce a new concept called deniably authenticated encryption that can achieve confidentiality, integrity, and deniable authentication in a logical single step. We first propose a deniably authenticated encryption scheme and prove its security in the random oracle model. Then, we design a secure e-mail protocol using the proposed deniably authenticated encryption scheme. The deniable authentication property protects senders' privacy.
UR - http://www.scopus.com/inward/record.url?scp=84984996884&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84984996884&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2016.2585086
DO - 10.1109/TIFS.2016.2585086
M3 - Article
AN - SCOPUS:84984996884
SN - 1556-6013
VL - 11
SP - 2477
EP - 2486
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 11
M1 - 7499859
ER -