可否認認證協定具有兩個基本特性：指定驗證者以及可否認性。近來Hwang和Ma提出具有匿名送方保護功能之可否認認證協定，藉由允許資料的傳送方提出證據，證明自己的確傳送過資料的事實，以保護自己的權利。為了改進Hwang和Ma協定的效能，在此提出一個具有匿名送方保護功能之有效可否認認證協定。雖然傳送方已受到保護，但是對於資料的接收方而言，並沒有相對應的保護方式存在，此種狀況可能會讓接收方遭受不白之冤。舉例來說，若資料的傳送方的確送出了資料，但卻將送出資料的行為誣賴給接收方，那麼根據可否認認證協定的可否認性，外人無從判斷究竟誰才是真正的傳送方，甚至會懷疑此份資料是由接收方所偽造的。由上述的例子可以瞭解，除了保護資料傳送方的權利之外，藉由接收方也能提出證據來證明自己的確沒有傳送過資料的方式，來達到保護資料接收方的權利也是很重要的。因此，本論文提出具有匿名公平保護功能之可否認認證協定，來保護資料傳送方以及接收方的權利，並且保護資料收送雙方的隱私。

Intended receiver and deniability properties are two basic properties satisfied by deniable authentication protocols.  Recently, Hwang and Ma proposed the concept of deniable authentication protocol with (anonymous) sender protection to protect the real sender’s right.  To improve the performance of Hwang and Ma’ protocol, an efficient deniable authentication protocol with anonymous sender protection is proposed.  Then the anonymous sender can prove that he/she really sent the message to guard against circumvention by some receivers.  However, the honest receiver still suffers the circumvention risk due to the senders’ deniability.  If the sender sent a deniable authenticated message to the innocent receiver and claimed that the message was generated by receivers.  Then the receiver has nothing to convince the others that he/she is innocent.  To provide fair protection and anonymity both for senders and receivers, a deniable authentication protocol with anonymous fair protection is proposed.

Table of Content
Chapter 1 Introduction...............................P. 1
Chapter 2 Review.....................................P. 5
2.1 Schnorr Signature Scheme and Its Promise.........P. 5
2.2 The Undeniable Signature Scheme..................P. 6
2.3 Underlying Hard Problems.........................P. 7
Chapter 3 Our Deniable Authentication Protocol with Anonymous Sender Protection..........................P. 9
3.1 Our DAP-ASP......................................P. 9
3.2 Security Analysis...............................P. 11
Chapter 4 Our Deniable Authentication Protocol with Anonymous Fair Protection...........................P. 17
4.1 Our DAP-AFP.....................................P. 17
4.2 Security Analysis...............................P. 21
Chapter 5 Performance Analysis and Discussions......P. 29
Chapter 6 Conclusions...............................P. 33
References..........................................P. 34
Appendix............................................P. 37

List of Figures
Fig. 1: Our DAP-ASP.................................P. 11
Fig. 2: Promising and Confirmation Phases of Our DAP-AFP.................................................P. 19
Fig. 3: Clarification Phase of Our DAP-AFP..........P. 21

List of Tables
Table 1: Security Comparison among Hwang and Ma’s DAP-ASP, Our DAP-ASP, and Our DAP-AFP........................P. 29
Table 2: Cost Comparison of Computation and Communication among Hwang and Ma’s DAP-ASP, Our DAP-ASP, and Our DAP-AFP.................................................P. 32

[1]	G. Ateniese, “Efficient Verifiable Encryption (and Fair Exchange) of Digital Signature,” Proceedings of ACM Conference on Computer and Communications Security (CCS’ 99), New York: ACM Press, 1999, pp. 138-146.
[2]	Y. Aumann and M. Rabin, “Efficient deniable authentication of long messages,” International Conference on Theoretical Computer Science, Hong Kong, 1998. <http://www.cs.cityu.edu.hk/dept/video.html>
[3]	Y. F. Chang, C. C. Chang, and C. L. Kao, “An Improvement on a Deniable Authentication Protocol,” ACM SIGOPS Operation Systems Review, Volume 38, Issue 3, pp. 65-74, 2004.
[4]	D. Chaum and H. V. Antwerpen, “Undeniable Signatures,” Advances in Cryptology: Proceedings of CRYPTO’ 89, LNCS 435, G. Brassard, Ed., New York: Springer Verlag, 1990, pp. 212-216.
[5]	X. Deng, C. H. Lee, H. Zhu, “Deniable authentication protocols”, IEE Proceeding-Computers and Digital Techniques, Vol.148, No.2, pp. 101-104, 2001.
[6]	W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, Vol. 22, Issue 6, pp. 644-654, 1976.
[7]	C. Dwork, M. Naor, and A. Sahai, “Concurrent Zero-Knowledge,” Proceedings of 30th ACM STOC’ 98, Dallas TX, USA, 1998, pp. 409-418.
[8]	L. Fan, C. X. Xu, and J. H. Li, “Deniable authentication protocol based on Diffie-Hellman algorithm,” Electronics Letters, Vol. 38, No. 4, pp. 705-706, 2002.
[9]	C. L. Hsu, Y. H. Chuang, and K. Y. Tsai, “Novel Non-Interactive Deniable Authentication Protocol,” The 3rd Joint Workshop on Information Security, Seoul, Korea, 2008, pp. 337-345.
[10]	S. J. Hwang and J. C. Ma, “Deniable Authentication Protocols with Sender Protection,” National Computer Symposium, Wufeng, Taiwan, 2007, pp. 762-767.
[11]	S. J. Hwang and J. C. Ma, “Deniable Authentication Protocols with (Anonymous) Sender Protection,” International Computer Symposium, Tamsui, Taiwan, 2008, pp. 412-419.
[12]	W. B. Lee, C. C. Wu, and W. J. Tsaur, “A Novel Deniable Authentication Protocol Using Generalized ElGamal Signature Scheme,” Information Sciences, Vol. 177, 2007, pp. 1376-1381.
[13]	M. H. Lim, S. Lee, and S. Moon, “Cryptanalysis on some Deniable Authentication Protocol based on ElGamal Crpytography,” Computer Standards & Interfaces, Vol. 27, pp. 401-405, 2005.
[14]	R. Lu and Z. Cao, “Non-Interactive Deniable Authentication Protocol based on Factoring,” Computer Standards & Interfaces, Vol. 27, Issue 4, pp. 401-405, 2005.
[15]	K. Nguyen, “Asymmetric Concurrent Signatures,” Proceedings of Information and Communications Security Conference (ICICS 2005), LNCS 3783, New York: Springer Verlag, 2005, pp. 181-193.
[16]	D. Pointcheval and J. Stern, “Security Arguments for Digital Signatures and Blind Signatures,” Journal of Cryptology, Vol. 13, No. 3, New York: Springer Verlag, pp. 361-396, 2000.
[17]	M. O. Rabin, “Digitalized Signatures and Public-Key Functions as Intractable as Factorization,” TR-212, MIT Laboratory for Computer Science, 1979.
[18]	C. P. Schnorr, “Efficient Identification and Signatures for Smart Cards,” Advances in Cryptology: Proceedings of CRYPTO’ 89, LNCS 435, G. Brassard, Ed., New York: Springer Verlag, 1990, pp. 239-252.
[19]	J. Shao, Z. Cao, and R. Lu, “An Improved Deniable Authentication Protocol,” Networks, Vol. 48, pp. 179-181, 2006.
[20]	Z. Shao, “Efficient deniable authentication protocol based on generalized ElGamal signature scheme,” Computer Standards & Interfaces, Vol. 26, 2004, pp. 449-454.
[21]	Y. Wang, J. Li, and L. Tie, “A Simple Protocol for Deniable Authentication Protocol base on ElGamal Cryptography,” Networks, Vol. 45, pp. 193-194, 2005.
[22]	E. J. Yoon and K. Y. Yoo, “Secure Deniable Authentication Protocol based on ElGamal Cryptography,” Networks, Vol. 45, pp. 193-194, 2005.