A Comparison of Deniable Encryption Notions

252 / BBB

2025-12-02

H. W.

16:30

Deniability is an important feature of modern cryptography. This property allows a participant to plausibly deny an action they have performed. Deniable encryption enables participants to achieve deniability in addition to the two fundamental properties of encryption: security and correctness. In a state with a public and impartial electronic voting system using encrypted ballots, the election should, in theory, be resilient to coercion. However, if the transmission of encrypted ballots takes place over a non-secure channel and a powerful but malicious party can coerce voters into revealing their votes, the election can no longer be considered impartial. By employing sender-deniable encryption to encrypt the ballots, the system could once again resist coercion. The deniability notion in deniable encryption can be classified into three categories: sender-deniability, receiver-deniability, and sender-and-receiver deniability. With sender-deniability, the sender can plausibly deny what they have sent. With receiver-deniability, the receiver can plausibly deny what they have received. With sender-and-receiver deniability, both the sender and the receiver can plausibly deny what they have sent or received respectively. In this thesis, we examine four deniable encryption schemes, two of which are sender-deniable schemes, one is a receiver-deniable scheme, and the other is a sender-and-receiver-deniable scheme. We first examine how they work and how they achieve the desired deniability property. In addition, we evaluate their performance with respect to the cost of time and space. We also observe how a general transformation between a sender-deniable and a receiver-deniable scheme is constructed. Furthermore, we compare the two sender-deniable schemes proposed by Howlader and Basu, Barakat. Finally, we prove that the scheme proposed by Howlader and Basu is not receiver-deniable, while the scheme proposed by Ibrahim is not sender-deniable.