Deniable RSA Signature: The raise and fall of Ali Baba

Abstract

The 40 thieves realize that the fortune in their cave is vanishing. A rumor says that Ali Baba has been granted access (in the form of a certificate) to the cave but they need evidence to get justice from the Caliph. On the other hand, Ali Baba wants to be able to securely access to the cave without leaking any evidence. A similar scenario holds in the biometric passport application: Ali Baba wants to be able to prove his identity securely but do not want to leak any transferable evidence of, say, his date of birth. In this paper we discuss the notion of offline non-transferable authentication protocol (ONTAP). We review a construction based on the GQ protocol which could accommodate authentication based on any standard RSA certificate. We also discuss on the fragility of this deniability property with respect to set up assumptions. Namely, if tamper resistance exist, any ONTAP protocol in the standard model collapses. © 2012 Springer-Verlag Berlin Heidelberg.