<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1" />
<title>single pass deniable authentication</title>
</head>
<body>
While we're on the subject of potential ways to improve OTR in its next stage, I came across a remarkably simple single pass deniable authentication scheme here:<br /><br />http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//eprint.iacr.org/2005/056.pdf&ei=LLH7Qoi-Mcv0YLzNkPMM<br /><br />The basis for the system is incredibly simple. We'll call Alice's public and private keys A and a respectively, and likewise for Bob; B and b.<br /><br />Alice wants to send a message to Bob, so she creates a random value, x, and sends the pair the pair ( Z, x ) to Bob, where Z = a(B(x)).<br /><br />Bob can then calculate x from Z as x = b(A(Z)), verifying Alice's RSA digital signature on x, essentially. However, Bob cannot prove to someone else that Alice created this pair, because he could create a value Z, and calculate x as x = b(A(Z)). The rest is just protocol to make the system feasible and robust. This system sounds so simple, though I've never heard of it before. The fact that it can operate in a single pass might be helpful for offline messages that you still want to be secure and authenticated, but repudiable.<br /><br />Thoughts? Opinions?<br /><br />-END-<br />
<pre>"Extending the war into Iraq would have incurred incalculable human and political
costs. We would have been forced to occupy Baghdad and, in effect, rule Iraq. The
coalition would instantly have collapsed, the Arabs deserting in anger and other
allies pulling out as well. Exceeding the U.N.'s mandate would have destroyed the
precedent of international response to aggression we hoped to establish. Had we
gone the invasion route, the U.S. could still be an occupying power in a bitterly
hostile land."
-- From "Why We Didn't Remove Saddam"
by George Bush [Sr.] and Brent Scowcroft, Time Magazine, 1998
</pre>
</body>
</html>