Abstract
-
Generally, the goal of identification schemes is to provide security assurance against impersonation
attacks. Identification schemes based on zero knowledge protocols have more advantages,
for example, deniability, which enables the prover to deny an identification proof so that the verifier
couldn’t persuade others that it is indeed the prover who identified itself to him. This kind
of identifications is called ‘deniable identification’. However, in some applications we require the
existence of a (trusted) party being able to find out an evidence that a party did identify itself to
a verifier is required, in order to prevent parties from misbehavior. So in this case ‘undeniability’
is needed. To the best of our knowledge, an identification scheme that provides both deniability
and undeniability does not exist in the literature. In this work we propose the notion of escrowed
deniable identification schemes, which integrates both ‘escrowed deniability’ (undeniability) and
‘deniability’ properties. Intuitively, in the online communication, a verifier may sometimes need to
provide an evidence of a conversation between himself and the prover, for instance, an evidence
for the case of misuse of the prover’s privilege. We then provide an escrowed deniable identification
scheme, and prove its security, i.e. impersonation, deniability and escrowed deniability, in the
standard model based on some standard number theoretic assumptions.