許多提供匿名性的可否認驗證協定都假設收送雙方事先已互相知道對方身份為基礎;而且為了防止傳送訊息洩露身份隱私,Hwang和Sung進一步提出第一個提供機密性、匿名性與公平保護的非互動式可否認驗證協定。然而,因為匿名的特性,使得事先已互相知道對方身份的假設並不實際。另一方面,Hwang和Sung所提出的協定中的機密性,其安全層級只達到IND-CPA。為了移除不實際的假設,並且提高機密性的安全層級至IND-CCA2,我們提出了可提供不可區分安全性與匿名性之非互動式公平可否認驗證協定。 此外針對Shao學者的非互動式可否認驗證協定,在假設過去秘密驗證金鑰洩露時,Wu等學者指出Shao學者的協定會遭受偽造攻擊,並提出了改良的協定。然而,在相同的假設前提下,本論文提出了針對Wu等學者所提出的改良協定的兩種偽造攻擊。因此Wu等學者的改良協定並不安全,且該假設也過強。 Many non-interactive deniable authentication protocols with anonymity are proposed by assuming that the sender and receiver know each other in advance. To protect the transmitted sensitive identity data, Hwang and Sung proposed the first non-interactive deniable authentication protocol with message confidentiality, anonymity and fair protections. But the underlying assumption of those protocols with anonymity is impractical for the anonymity property. Moreover, the message confidentiality of Hwang and Sung’s protocol is only indistinguishably secure against chosen plaintext attacks. To remove the inappropriate assumption, our non-interactive fair deniable authentication protocol with indistinguishable message confidentiality against adaptive chosen ciphertext attacks and anonymity is proposed. On Shao’s non-interactive deniable authentication protocol, Wu et al. proposed a forgery attack by assuming that the used session secrets are leaked out. They also proposed their improvement. However, two forgery attacks are proposed to show that Wu et al.’s protocol also suffers the forgery attack based on the same assumption. Moreover, the assumption is too strong.
