可否認的驗證協定必須滿足兩項特性：包括(1)只有指定的接收者能驗證已接收資料之來源，稱為可驗證性；以及(2)此指定的接收者無法向第三者證明資料來源端的身分，稱為可否認性。
為了滿足可否認性，在過去所提出的可否認驗證協定中，接收者可以偽造傳送者傳來的訊息。既然接收者可以自行偽造訊息，傳送者即可否認曾有傳送訊息的動作。雖然傳送者可以否認資料是由他所送出，但當指定的接收者向別人聲稱收到的資訊並非由傳送者所給予，傳送者也無法拿出證據證明接收者之陳述並非事實。為了證明資料的確實是由傳送者所送出，於是我們提出具有傳送資料者保護機制的可否認的驗證協定。在這樣的協定當中，雖然接收者仍然可以偽造訊息，但使用者有能力可以證明自己所傳過的訊息確實是自己傳送的。
為了在可否認驗證協定中，更進一步保護傳送者權益的目的，最好是讓傳送者在協定中變成匿名的。於是，我們的可否認驗證協定的研究，另一項目標即是設計出可以讓傳送者匿名的保護措施。

A deniable authentication protocol should satisfy the property that only the intended receiver authenticates the sender’s identity of received messages.  This property is called authentication property.  On the other hand, the intended receiver cannot prove the sender’s identity to the third party.  The second property is called deniability property.  To satisfy deniability property, in most deniable authentication protocols, the receiver is able to forge/modify the received message from the sender.  Since the received data is forgeable by the receiver, the sender easily denies that he/she sent the data.  Although the sent message is deniable for the sender, the sender still has no evidence to prove that he/she sent the message to prevent the receiver’s circumvention.  In this propose, a new property, sender protection, is proposed for the deniable authentication protocol.  In a deniable authentication protocol with sender protection, although the sent message is still forgeable by the receiver, the sender can provide an evidence to prove that whether or not the message is really sent from him/her.  To protect senders more completely, it is better that the sender is anonymous in a deniable authentication protocol.  Therefore, another goal of our research is to design a deniable authentication protocols with anonymous and protected sender.

Table of Content
Table of Content I
List of Table III
List of Figures IV
Chapter 1 Introduction 1
Chapter 2 Review of Concurrent Signature Scheme iPCS1 5
Chapter 3 Our Deniable Authentication Protocol with Sender Protection 7
          3.1 Setup Phase 7
          3.2 Deniable Authentication Phase 7
          3.3 Security Analysis 9
Chapter 4 Our Deniable Authentication Protocol with Anonymous Sender Protection 12
          4.1 Deniable Authentication Phase 12
          4.2 Security Analysis 14
Chapter 5 Performances Analysis and Discussion 19
Chapter 6 Conclusions 22
Reference 23
Appendix 26
 
List of Tables
Table 1.  Compare of Lee et al’s and Our Two Protocols on Computation and Communication Costs 20
Table 2.  Security Properties Comparison between Lee et al’s and Our Protocols 20
 
List of Figures
Fig. 1  DAP-SP 9
Fig. 2  DAP-ASP 13

[1] Ateniese, G., “Efficient Verifiable Encryption (and Fair Exchange) of Digital Signature,” Proc. of AMC Conference on Computer and Communications Security (CCS’99), ACM Press, pp. 138-146, New York, U.S.A., 1999.
[2] Aumann, Y. and Rabin, M., “Authentication Enhanced Security and Error Correcting Codes,” Crypto ’98, Santa Barbara, CA, USA, LNCS 1462, New York: Springer-Verlag, pp. 299-303, 1998.
[3] Aumann, Y. and Rabin, M., “Efficient Deniable Authentication of Long Messages,” Int. Conf. on Theoretical Computer Science in Honor of Professor Manuel Blum’s 60th birthday, 1998. < http://www.cs.cityu.edu.hk/dept/video.html >
[4] Brown, D. R. L., “Deniable Authentication with RSA and Multicasting,” Cryptology ePrint Archive: Report 2005/056, Feb. 24, 2005
[5] Chang, Y. F., Chang, C.C., and Kao, C.L., “An Improvement on a Deniable Authentication Protocol,” ACM SIGOPS Operating Systems Review, Volume 38, Issue 3, pp.65-74, July 2004.
[6] Chen, L., Kudla, C., and Paterson, K.G., “Concurrent Signatures,” Eurocrypt ’04, LNCS 3027, New York: Spriger-Verlag, pp. 287-305, 2004.
[7] Deng X., Lee C.H., and Zhu H., “Deniable Authentication Protocols”, IEE Proceeding-Computers and Digital Techniques, Vol.148, No.2, pp. 101-104, 2001.
[8] Dwork, C., Naor, M., and Sahai, A., “Concurrent Zero-Knowledge,” Proc. of 30th ACM STOC’98, Dallas TX, USA, pp. 409-418, 1998.
[9] Fan, L., Xu, C.X., and Li, J.H., “Deniable Authentication Protocol based on Diffie–Hellman Algorithm,” Electronics Letters, Vol.38, No.4, pp. 705–706, 2002.
[10] Lee, Wei-Bin, Wu, Chia-Chun, and Woei-Jiunn Tsaur, “A Novel Deniable Authentication Protocol Using Generalized ElGamal Signature Scheme,” Information Sciences, Vol.177, pp.1376-1381, 2007.
[11] Lu, R., and Cao, Z., “Non-Interactive Deniable Authentication Protocol based on Factoring,” Computer Standards and Interfaces, Vol. 27, pp. 401-405, 2005.
[12] Lu, R., and Cao, Z., “Erratum to Non-Interactive Deniable Authentication Protocol based on Factoring,” Computer Standards & Interfaces, Vol. 29, p. 275, 2007.
[13] Lu, R., Cao, Z., Dong, X., and Su, R., “Group Oriented Deniable Authentication Protocol,” International Multi-Symposiums on Computer and Computational Sciences (IMSCCS'06), June 20-24, 2006
[14] Shao, Z., “Efficient Deniable Authentication Protocol based on Generalized ElGamal Signature Scheme,” Computer Standards & Interfaces, Vol. 26, pp. 449–454, 2004.
[15] Sun, H.M., Wang, K.H., Chang, S.Y., and Wan, L., “An Authentication Protocol Combining Deniability and Forward Secrecy for Resisting Adaptive Attacks,” International Computer Symposium 2006, Dec 04-06, 2006 
[16] Susilo, W., Mu, Y., and Zhang, F., “Perfect Concurrent Signature Scheme,” Information and Communications (ICICS ‘04), LNCS 3269, New York: Springer-Verlag, pp. 14-26, 2004.
[17] Shi Y. and Li J., “Identity-based Deniable Authentication Protocol,” IEE ELECTRONICS LETTERS, Vol. 41, No.5, March 2005 
[18] Wang, G., Bao, F., and Zhou, J., “The Fairness of Perfect Concurrent Signatures, ” Information and Communications Security (ICICS 06), LNCS 4307,  New York: Spriger- Verlag, pp. 435-451, 2006.
[19] Zhu, R. W., Wong, D. S. and Lee, C. H., “Cryptanalysis of a Suite of Deniable Authentication Protocols,” IEEE Communications Letters, VOL. 10, NO. 6, , 2006