Questions tagged [non-repudiation]

Non-repudiation is the assurance that someone cannot deny something.

Related to cryptography, non-repudiation refers (among a few other things) to the ability to ensure that a party to a communication cannot deny the authenticity of their signature on a message that they originated.

For example: a digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to sign the document, but also — since a digital signature can only be created by one person — to ensure that a person cannot later deny that they furnished the signature.

30 questions
251
votes
2 answers

What are the differences between a digital signature, a MAC and a hash?

A message may be accompanied with a digital signature, a MAC or a message hash, as a proof of some kind. Which assurances does each primitive provide to the recipient? What kind of keys are needed?
Flimm
16
votes
6 answers

Why MACs are so important despite digital signatures doing everything a MAC can do and more?

When an entity $A$ wants to send a message to entity $B$, he can attach a MAC to the message. Entity $B$ on receiving the message can use the pre-shared key to compute the same MAC and confirm if the message is untampered with. This approach…
Minaj
15
votes
2 answers

Does a trace of SSL packets provide a proof of data authenticity?

I'm wondering if it would make sense to record a whole HTTPS session, publish its encryption keys and present it to third parties as a proof that this particular data was sent by a given server identifying itself with some signed certificate. Could…
d33tah
12
votes
2 answers

How should one implement a delegated shared trust protocol?

Consider the following (probably naive) scenario. Alice, who is very limited in her knowledge of security in general (clueless about securing a private key for example), wishes to delegate certain contractual operations to Trent, an apparent trusted…
Gary
11
votes
3 answers

Can one have an authentic, but repudiable, message without a previously shared secret?

Bob wants to send a message to Alice, such that Alice can be sure that the message came from Bob, but can't prove it to anyone else. If I understand right, this means that the same message could have possibly also been constructed by Alice, but not…
Paŭlo Ebermann
9
votes
4 answers

Can I use PGP to sign a message without providing cryptographic non-repudiation?

The difference between a digital signature and a MAC is non-repudiation. A message with a digital signature proves that only the sender could have signed the message, whereas a message with a MAC proves that either the sender or the recipient could…
Flimm
7
votes
1 answer

Non-deniability of data sent over TLS

Andy is going to connect to a server Selma over TLS. Later, Andy would like to be able to publish everything (the ciphertexts, the plaintexts, all his keys) and prove to a mediator what data he sent to Selma over TLS; or prove what data Selma sent…
D.W.
7
votes
5 answers

How can you prove that a certain file was downloaded from a certain website?

Let's say you downloaded a file from a certain website, and later the website claims that it didn't make that file available, is there any way to prove that the website is lying? Example 1: You download a YouTube video and the channel later delete…
4
votes
1 answer

Names and games for security properties preventing substitution of signed message by the signer

Some signature schemes, notably ECDSA, unwillingly allow users to prepare their public/private key pair as a function of two arbitrary messages of their choice, and compute a signature that checks for both messages¹. In the case of ECDSA, the…
fgrieu
4
votes
1 answer

Need help with NFC Tags and cryptography

I have some NFC tags, which will be added to my devices. These NFC tags are basically EEPROMs with a unique UUID (7 bytes, read-only, public) and some constant parameters (approx. 7-15 bytes, readable and writable, also public) in them. Can I use a…
Michael Haar
4
votes
3 answers

Security services provided by digital signature

Which of the security services can be provided by digital signature? data integrity non-repudiation sender authentication receiver authentication I think it can provide non-repudiation. Because receiver cannot deny the message as it was assigned…
Ng Clement
4
votes
2 answers

Why/how is libsodium/nacl's cryptobox repudiable?

https://nacl.cr.yp.to/box.html see "security model". As far as I can see, Alice encrypts a message using her private key, Bob's public key and a nonce. Bob decrypts the message using Alice's public key, his private key and the nonce. The…
fadedbee
4
votes
1 answer

Are HTTPS web sessions non-repudiable?

(This is probably a basic question, and may be a duplicate; if so, just let me know.) Suppose there are two clients A and B, and some server C. Suppose B and C establish an HTTPS tunnel, and C sends a response to B. And suppose B records the…
4
votes
3 answers

How can we sign a contract digitally between two parties?

I'm trying to sign a contract with another party, without using handwritten signatures. I've just read through Applied Cryptography, but there doesn't seem to be a protocol that can solve this problem. Digital signatures simply don't work. Even if…
Pacerier
3
votes
1 answer

Non Repudiation - Message Authentications methods

According to a definition given by my professor: Message authentication methods verify that the message is from the right sender, however they don't guarantee non-repudiation. To me this sounds like a contradiction, what does "right sender"…
AleWolf