{"title":"可否认群聊的划时代签名","authors":"Andreas Hülsing, F. Weber","doi":"10.1109/SP40001.2021.00058","DOIUrl":null,"url":null,"abstract":"In this work we take a formal look at deniability in group chat applications and introduce the concept of \"epochal signatures\" that allows to turn many secure group chat protocols into deniable ones. Intuitively, the transform works for protocols that use signatures for authentication and that become deniable if the signatures are removed. In contrast to previous proposals that use signatures for entity authentication, like mpOTR (CCS’09), our construction does not require pairwise key establishment of participants and allows to add and remove participants without requiring to re-initialize the chat. These properties allow the deployment in protocols that are also designed to scale to very large groups. Finally, we construct a practical epochal signature scheme from generic primitives and prove it secure.","PeriodicalId":6786,"journal":{"name":"2021 IEEE Symposium on Security and Privacy (SP)","volume":"33 1","pages":"1677-1695"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Epochal Signatures for Deniable Group Chats\",\"authors\":\"Andreas Hülsing, F. Weber\",\"doi\":\"10.1109/SP40001.2021.00058\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this work we take a formal look at deniability in group chat applications and introduce the concept of \\\"epochal signatures\\\" that allows to turn many secure group chat protocols into deniable ones. Intuitively, the transform works for protocols that use signatures for authentication and that become deniable if the signatures are removed. In contrast to previous proposals that use signatures for entity authentication, like mpOTR (CCS’09), our construction does not require pairwise key establishment of participants and allows to add and remove participants without requiring to re-initialize the chat. These properties allow the deployment in protocols that are also designed to scale to very large groups. Finally, we construct a practical epochal signature scheme from generic primitives and prove it secure.\",\"PeriodicalId\":6786,\"journal\":{\"name\":\"2021 IEEE Symposium on Security and Privacy (SP)\",\"volume\":\"33 1\",\"pages\":\"1677-1695\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE Symposium on Security and Privacy (SP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SP40001.2021.00058\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40001.2021.00058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In this work we take a formal look at deniability in group chat applications and introduce the concept of "epochal signatures" that allows to turn many secure group chat protocols into deniable ones. Intuitively, the transform works for protocols that use signatures for authentication and that become deniable if the signatures are removed. In contrast to previous proposals that use signatures for entity authentication, like mpOTR (CCS’09), our construction does not require pairwise key establishment of participants and allows to add and remove participants without requiring to re-initialize the chat. These properties allow the deployment in protocols that are also designed to scale to very large groups. Finally, we construct a practical epochal signature scheme from generic primitives and prove it secure.