[OTR-users] mpOTR question: denAKE() and deniability in front of J

Christoph A. casmls at gmail.com
Wed Aug 25 19:23:31 EDT 2010


Hi Ian,

thank you for your fast reply!

On 08/25/2010 11:26 PM, Ian Goldberg wrote:
>> - Is denAKE(A,B) equal or similar to the OTR protocol? (if that is not
>> the case where can I find more information about denAKE)
> 
> It's reference [7] (see p. 8, col. 2, par. 3).

I think there is a small error in the reference:

Reference [7] as in http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf
" [7] C. Boyd, W. Mao, and K. G. Paterson. *Key
    Agreement Using Statically Keyed Authenticators*. In
    B. Christianson, B. Crispo, J. A. Malcolm, and
    M. Roe, editors, Security Protocols, 11th International
    Workshop, Revised Selected Papers, volume 3364 of
    LNCS, pages 255–271, Berlin, Germany, 2005.
    Springer Verlag.
"

The surrounding information (mainly year of publication, volume number,
page range) and the topic tell me that you actually meant the following
paper - which was published in 2005 and is on pages 255-271 of LNCS
volume 3364:

"Deniable authenticated key establishment for Internet protocols"

full reference:

C. Boyd, W. Mao and K.G. Paterson,  Deniable authenticated key
establishment for Internet protocols. In B. Christianson, B. Crispo,
J.A. Malcolm, M. Roe (eds.), Security Protocols, 11th International
Workshop, Revised Selected Papers.  Lecture Notes in Computer Science
Vol. 3364, pp. 255-271, Springer, 2005.

PDF file:
http://www.isg.rhul.ac.uk/%7Ekp/deniableauth.pdf

"Key agreement using statically keyed authenticators" was authored by
the same authors - maybe that was the trigger.

PDF file:
http://www.isg.rhul.ac.uk/%7Ekp/static.pdf

To cross check:
http://www.isg.rhul.ac.uk/~kp/
(scroll down to year 2005/2004)

Regarding denAKE() I'll also have a look at
http://portal.acm.org/citation.cfm?id=1180454
(ref. nr. 11) as the slides nr. 33+74 are also pointing at it.

> Yes, the last sentence is still true.  Even if all private keys are
> revealed to a judge, the judge should not be able to distinguish a real
> transcript from a fake one.  Participants *cannot* deny that those were
> their actual private keys, though.  So the keys are not deniable, but
> the messages and the participation are.

Thank you for the clarification.

>> I found some slides of talk at CCS:
>> http://goliath.cs.ucdavis.edu/~matt/pubs/mpotr-ccs09/mpotr-ccs09-slides.pdf
>> Does someone know if this talk is available somewhere?
> 
> That *is* the talk.  Or do you mean a video of it?  I don't know if the
> talks were recorded. 

Yes, I meant video or voice recordings.

kind regards,
Christoph
