[OTR-users] The effectiveness of deniability
Ximin Luo
infinity0 at gmx.com
Thu Dec 5 20:26:22 EST 2013
On 05/12/13 23:17, Daniel Kahn Gillmor wrote:
> On Fri 2013-11-29 12:59:56 -0500, Ximin Luo wrote:
>> On 29/11/13 16:55, Daniel Kahn Gillmor wrote:
>>> https://www.calyxinstitute.org/events/multiparty-otr-and-deniability
>>
>> Unfortunately I'm nowhere nearby, but would be interested in any materials you guys might release afterwards!
>
> Here's my writeup of the meeting:
>
> https://www.debian-administration.org/users/dkg/weblog/104
>
> To be clear, this kind of deniability means Alice can correctly say "you have no cryptographic proof I said X", but it does not let her assert "here is cryptographic proof that I did not say X" (I can't think of any protocol that offers the latter assertion).

I can add a third form of "deniability" (or "repudiability", to match the terminology for signatures). From the strongest to the weakest, these are:

1. "I strongly prove the negative" - I can strongly prove that I did not say X, what you mentioned. Intuitively, this seems impossible.
2. "I strongly negate any proof" - any proof (strong or weak) is hard to find/construct (similar to what steganography does). This would include all sorts of metadata, such as how I send the data, the timing of me sending the data, who I send it to, who it appears to come from, and probably many more things I can't think of right now.
3. "I negate any strong proof" - no strong proof exists, what OTR provides.

(3) is what OTR provides, (1) is what you said, but (2) I think might theoretically be possible, albeit costly - e.g. by running over Tor, using short-lived identities, etc. I don't know of any technology that does this, but it is a much easier goal than (1).

> Comments and feedback welcome.
>
> From my writeup:
>
>>>> My takeaway from the discussion is that the legal utility of OTR's
>>>> deniability is non-zero, but quite low; and that development energy
>>>> focused on deniability is probably only justified if there are very
>>>> few costs associated with it.
>
> Ximin wrote:
>> I am hesitating even bringing it up in the next cryptoparty session I
>> will do, because compared to the other properties, it's quite shaky,
>> and might just confuse the audience when I talk about the many caveats
>> like the ones above.
>
> Yep, i understand where you're coming from on this.
>
> --dkg
>
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
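
Form (3) in the message above can be illustrated with a small model, added here as an example and not part of the original email: OTR authenticates chat messages with a MAC under a key both parties hold rather than with a signature, and discloses MAC keys once they are no longer in use, so a valid tag does not single out an author. HMAC-SHA256, the party names and the sample messages are assumptions made for this example.

```python
import hashlib
import hmac
import os


def mac(key: bytes, message: bytes) -> bytes:
    """Tag a message under a symmetric key (HMAC-SHA256 as a stand-in)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verifies(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches the message under the key."""
    return hmac.compare_digest(mac(key, message), tag)


def possible_authors(message: bytes, tag: bytes, key_holders: dict) -> set:
    """Every party whose key verifies the tag could equally have created it."""
    return {name for name, key in key_holders.items()
            if verifies(key, message, tag)}


def demo() -> dict:
    # Constructed scenario: one session key known to both chat partners.
    session_key = os.urandom(32)
    holders = {"alice": session_key, "bob": session_key,
               "mallory": os.urandom(32)}  # outsider with an unrelated key

    genuine = (b"see you at noon", mac(holders["alice"], b"see you at noon"))
    forged = (b"I said X", mac(holders["bob"], b"I said X"))  # written by Bob

    during = {
        "genuine": possible_authors(*genuine, holders),
        "forged": possible_authors(*forged, holders),
    }
    # Once the MAC key is disclosed after use, outsiders can forge too.
    holders["mallory"] = session_key
    after = possible_authors(*forged, holders)
    return {"during": during, "after": after}


if __name__ == "__main__":
    print(demo())
```

The tag Bob computed over "I said X" is indistinguishable from one Alice would have computed, which is the sense in which no strong proof exists; the model says nothing about forms (1) or (2).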