Epochal Signatures for Deniable Group Chats

Abstract

In this work we take a formal look at deniability in group chat applications and introduce the concept of "epochal signatures" that allows to turn many secure group chat protocols into deniable ones. Intuitively, the transform works for protocols that use signatures for authentication and that become deniable if the signatures are removed. In contrast to previous proposals that use signatures for entity authentication, like mpOTR (CCS’09), our construction does not require pairwise key establishment of participants and allows to add and remove participants without requiring to re-initialize the chat. These properties allow the deployment in protocols that are also designed to scale to very large groups. Finally, we construct a practical epochal signature scheme from generic primitives and prove it secure.