Digital Signatures enable authenticating messages in a way that
disallows repudiation. While non-repudiation is essential in some
applications, it might be undesirable in others. Two related
notions of authentication are: Deniable Authentication (Dwork Naor
and Sahai) and Ring Signatures (Rivest, Shamir and Tauman). In
this talk I will show how to combine these notions and achieve
Deniable Ring Authentication: it is possible to convince a
verifier that a member of an ad hoc subset of participants is
authenticating a message m without revealing which one, and
furthermore the verifier cannot convince a third party that the
message m was indeed authenticated -- there is no `paper trail' of
the conversation, other than what could be produced by V alone, as
in zero-knowledge.
Copyright. All Rights Reserved.