Deniable authentication
Face-to-face conversation has two interesting properties:
Authentication: as a listener, one implicitly knows that the words one hears are indeed being spoken by the speaker; being present confirms this visually and through recognition of the voice.
Deniability: it is not possible to prove afterward to a third party what the speaker said by relaying the words; even if one recorded the conversation (e.g. on tape), the speaker could claim that the recording is a forgery.
These two properties together form what is called deniable authentication; participants in a conversation can be sure who they are conversing with, but neither can prove afterward what was said or who said what.
Deniable authentication can be implemented for online communication by having each pair of participants agree upon a shared secret: a symmetric encryption key known only to them. Each party uses this key to encrypt the public key corresponding to the private key it uses for signing messages, and sends the encrypted public key to the other party. Since both parties know the encryption key, one could forge an encrypted signing key exchange from the other party and then send messages to oneself in the other party's name. This forgeability is what lends the communication deniability.
For group messaging, the pairwise secret key exchange may be performed for each pair of participants in the group. Because each shared secret is unique to its pair, it is not possible to successfully forge messages in another party's name, as that party would have a different shared key with any third party.
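The following Go sketch is an added example, not code from the original page. It shows both effects described above: a transcript produced by Bob alone is accepted under the Alice-Bob secret, yet rejected under the Alice-Carol secret. AES-256-GCM and Ed25519 are assumed primitives (the page names none), and the names `Transcript`, `Send`, `Accept`, `kAB` and `kAC` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Transcript: a signing public key sealed under the pairwise secret, plus a signed message.
type Transcript struct{ SealedKey, Msg, Sig []byte }

func gcm(shared []byte) cipher.AEAD {
	block, err := aes.NewCipher(shared) // a 32-byte secret selects AES-256
	if err != nil {
		panic(fmt.Sprintf("bad shared secret: %v", err))
	}
	aead, _ := cipher.NewGCM(block) // does not fail for an AES block cipher
	return aead
}

// Send needs only the shared secret, so either holder can produce it: that is the deniability.
func Send(shared []byte, msg string) Transcript {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	aead := gcm(shared)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return Transcript{aead.Seal(nonce, nonce, pub, nil), []byte(msg), ed25519.Sign(priv, []byte(msg))}
}

// Accept unseals the signing key with the shared secret, then verifies the signature.
func Accept(shared []byte, t Transcript) bool {
	aead := gcm(shared)
	n := aead.NonceSize()
	if len(t.SealedKey) < n {
		return false
	}
	pub, err := aead.Open(nil, t.SealedKey[:n], t.SealedKey[n:], nil)
	return err == nil && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, t.Msg, t.Sig)
}

func main() {
	kAB, kAC := make([]byte, 32), make([]byte, 32) // constructed Alice-Bob and Alice-Carol secrets
	rand.Read(kAB)
	rand.Read(kAC)
	forged := Send(kAB, "constructed message in Alice's name") // run by Bob alone
	fmt.Println(Accept(kAB, forged), Accept(kAC, forged))      // pairwise check, then Carol's check
}
```

Bob can trust a transcript under `kAB` only because he knows he did not create it himself; a third party shown the same transcript and key cannot tell which of the two holders produced it.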