[1151] in cryptography@c2.net mail archive
Deniable encryption -- (you don't have to give up your key)
daemon@ATHENA.MIT.EDU (Ron Rivest)
Wed Jul 2 16:32:24 1997
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Wed, 02 Jul 97 16:01:49 EDT
To: cryptography@c2.net
Relevant to the question of having to give up your encryption key:
There is a wonderfule paper forthcoming at CRYPTO '97 by Ran Canetti,
Cynthia Dwork, Moni Naor, and Rafi Ostrovsky, entitled "Deniable
Encryption".
An early abstract of the work that I saw quite a while ago said:
"Consider a situation in which the transmission of an encrypted
message can be intercepted by an authority, and subsequently
(say in response to a court order) the sender can be coerced to
reveal the keys and random choices used in generating the
ciphertext, thereby revealing the message sent. An encryption
scheme is _deniable_ if the send can generate "plausible"
keys and random choices that will satisfy the authority and at
the same time keep the past communication private.
...
In this paper we define and construct various types of deniable
encryption schemes.
Don't contact me for details; contact the authors....
Cheers,
Ron Rivest
