MSN lab1 A novel deniable authentication protocol using generalized ElGamal signature scheme Source: Information Sciences, vol. 177, pp , 2007 Authors: Wei-Bin Lee, Chia-Chun Wu and Woei-Jiunn Tsaur Speaker: Jung-San Lee Date: 2007/02/08
MSN lab2 Introduction Deniable authentication Only the intended receiver can identify the true source of a given message The receiver cannot prove the source of the message to a third party The forward secrecy
MSN lab3 A review of Shao’s method S is the sender R is the receiver p is a large prime number q is a prime divisor of p-1 g is an element in GF(p) with order q. H( ) is a collision-free hash function (X S, Y S ) and (X R, Y R ) are the pairs of private/public keys, where
MSN lab4 SR 1. Select a random integer 2. Compute 3. Compute 4. Verify DSA based signature
MSN lab5 SR 1. Select a random integer 2. Compute 3. Compute 4. Verify Comments {M, r, s, MAC} MAC'=H(k'||M') {M', r, s, MAC'}
MSN lab6 The proposed method The same notations Generalized ElGamal signature
MSN lab7 SR 1. Select a random integer 2. Compute 3. Compute 4. Verify
MSN lab8 Conclusions The forward secrecy Deniable authentication