Separable identity-based deniable authentication: cryptographic primitive for fighting phishing
Phishing emails are one of today's most common and costly forms of digital identity theft. They are now so convincing that even experts cannot tell what is and is not genuine. In a phishing attack, victims are lured by an official-looking email to a fraudulent website that appears to be that of a legitimate service provider. Such attacks can be mitigated with digitally signed emails. Unfortunately, traditional digital signatures destroy the traditional repudiability of email, and they also require the unrealistic adoption of a Public Key Infrastructure. To overcome this problem, we introduce a new cryptographic primitive called separable identity-based deniable authentication. We first present a generic construction of such a scheme, and then give an efficient construction based on bilinear pairing, which is an instantiation of our generic construction. This construction is an affirmative answer to the open question proposed by Adida, Hohenberger and Rivest [AHR05+].