[OTR-users] mpOTR question: denAKE() and deniability in front of J

Christoph A. casmls at gmail.com
Wed Aug 25 14:58:03 EDT 2010


Hi,

I'm studying the mpOTR design and would have some questions regarding
algorithm 4 and some other questions regarding chapter 3.2.3 of the  paper:
http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf

- Is denAKE(A,B) equal or similar to the OTR protocol? (if that is not
the case where can I find more information about denAKE)
- Is k the encryption key and km the key for the MAC?
- If that is the case, why is km in line 4 (Send(B, SymEnc(Sign())..))
used if there is no MAC (just SymEnc)?


Regarding the deniability in the case where a
judge forces participants of a chat session (c1) to disclose their long
term private keys:

From chapter 3.2.3:
"
Our privacy requirement is stronger than the settings presented in [11,
12] because J must not be able to distinguish between Alice’s
transcripts and forgeries even if J gets Alice’s long-term secrets.
"

later on:
"
We accept that users cannot convincingly
deny their static secrets in order to achieve a less compli-
cated protocol. The users can still deny taking part in any
fixed chatroom and the content of messages that they sent.
"

My question:
Is this last sentence true, even if a judge gets the long-term keys of
all participants of a given chat session, or was the requirement in
chapter 3.2.3 sacrified for a "less complicated" design?

I found some slides of talk at CCS:
http://goliath.cs.ucdavis.edu/~matt/pubs/mpotr-ccs09/mpotr-ccs09-slides.pdf
Does someone know if this talk is available somewhere?

kind regards,
Christoph

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20100825/d302fd07/attachment.pgp>


More information about the OTR-users mailing list