Last Updated: Mar 27, 2024

Deniable Key Agreement Schemes



Have you ever tried to find a particular person in a room full of people? It becomes even harder when all of them talk, walk and move in the same way. Imagine you are an investigator and want to ask them about something, and they all deny it in the same way. You get more and more confused. This is a great way to hide, and it is what cryptography can offer. It is closely related to our topic today.

A signature is called deniable when the signer's identity is "hidden" among a collection of potential signers. As a result, any person or entity engaged in the signature might deny having created it. We look at different sorts of deniable signature methods. We will also see how they might be used.

Deniable Key Agreement Schemes


Let us start with a simple explanation of deniability. Deniability is an interesting counterpoint to non-repudiation, which is a fundamental condition of signature schemes. In the context of a signature scheme, non-repudiation means that a person who signs a message cannot later credibly deny doing so. This is useful in any situation where a signature should be regarded as a legally binding promise. In real life, we can compare it to signing a contract.

On the other hand, there may be times when you and your friend want to communicate privately, and neither of you wants a third party to be able to prove that you had a certain conversation, even if the keys used to encrypt that discussion are eventually revealed. In other words, the discussion is secure, and the participants still have reasonable deniability in the case of a future key breach.


Practicality of Deniability

An essential part of deniability is that its use should be practical. Let us look at how practical deniability is.

Previously, the encrypted communications community disputed whether or not deniability should be provided and implemented in end-user tools. There are two basic arguments against building deniable messaging protocols: deniability properties are expensive to achieve, and they are useless in practice. On the other hand, the essential deniability features for encrypted communications protocols may now be achieved quite cheaply and without any usability repercussions or other bad consequences.

While most secure messaging research focuses on analysts who understand cryptography and rely on cryptographic proofs to make judgements, real-world judges frequently do not and routinely accept plaintext transcripts. We cannot build protocols with greater deniability than plaintext. Nevertheless, we may readily construct protocols with less deniability: while a real-world judge of this type may not accept claims that a plaintext transcript might theoretically be faked, they are more likely to accept expert testimony that a protocol with a digital signature cannot be fabricated. For these reasons, we should aim to create defensible protocols in order to avoid inadvertently involving, and thus incriminating, users.

Thoughts on Implementation

There is currently a gap between secure messaging system developers and the academic community. Numerous solutions suggested in the literature, papers and reviews never get implemented. It has become evident that while describing a novel system and producing security proofs are vital, more is needed to make cryptography usable by regular users. We must do more if actual users are to profit from our methods. One method to overcome this gap is to publish open implementations of different available designs to encourage consumer security product developers to use them.

Example of a Scenario

We can say that a key agreement scheme is deniable if this property holds when the generated session keys are used to encrypt a dialogue between the key agreement protocol's parties.

If we want to be more precise, the following scenario can be considered.

1. An adversary gets access to X's private keys. This adversary might be X himself or a third party.

2. The adversary provides a fake transcript of a key agreement scheme session involving Y and X.

3. The purpose is to determine if the transcript gives us proof that the session between Y and X occurred and, if so, whether Y is implicated.

It turns out that for specific key agreement systems, it is possible to mimic (or fabricate or falsify) a transcript that is similar or identical to an actual transcript. With such a scheme, there is no way to tell if the session in question truly happened. As a result, the adversary is unable to implicate Y, and such a method is thus deniable.

To demonstrate the concept of deniability, compare the fundamental Diffie-Hellman Protocol, which is deniable, to the STS Protocol, which is not.
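The comparison above as an added example (not code from the original article): a judge checks a basic Diffie-Hellman transcript and a simplified STS transcript, the latter fabricated by someone holding only X's private key. Assumptions: the demo group `P`, `G`, the message labels, all function names, signatures sent in the clear without certificates, and a Lamport one-time signature standing in for the protocol's signature scheme so that only the standard library is needed.

```python
import hashlib, secrets

# Demo group (assumption): Mersenne prime modulus, base 3, chosen so the code
# runs offline. A real deployment uses a vetted Diffie-Hellman group.
P, G = 2**521 - 1, 3

def H(b): return hashlib.sha256(b).digest()

def lamport_keygen():  # stand-in signature scheme: 256 pairs of secrets
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fresh_public():  # g^e for a random exponent that is then thrown away
    return pow(G, secrets.randbelow(P - 3) + 2, P)

def enc(*vals):  # unambiguous encoding of the signed fields
    return b"|".join(str(v).encode() for v in vals)

def dh_transcript():
    # Basic DH: anyone can pick BOTH exponents; no long-term key is involved,
    # so a fabricated transcript is distributed exactly like a real one.
    return fresh_public(), fresh_public()

def judge_dh(t):  # all a third party can check: two valid group elements
    return all(1 < v < P for v in t)

def sts_transcript(sk_x, sk_y):
    # Simplified STS: each party signs both exponentials with its own key.
    ga, gb = fresh_public(), fresh_public()
    return (ga, gb, lamport_sign(sk_y, enc("Y->X", gb, ga)),
            lamport_sign(sk_x, enc("X->Y", ga, gb)))

def fabricate_sts(sk_x):  # holder of X's key only: Y's slot gets another key
    return sts_transcript(sk_x, lamport_keygen()[0])

def judge_sts(t, pk_x, pk_y):
    ga, gb, sig_y, sig_x = t
    return (lamport_verify(pk_y, enc("Y->X", gb, ga), sig_y)
            and lamport_verify(pk_x, enc("X->Y", ga, gb), sig_x))
```

A fabricated Diffie-Hellman transcript passes `judge_dh` just like a genuine one, while `judge_sts` accepts only transcripts carrying a signature made with Y's key, which is what ties Y to the session.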

Frequently Asked Questions

What are cryptography and cryptanalysis?

Cryptology is known as the science of secure communications. Cryptography generates messages with a hidden or secret meaning. On the other hand, cryptanalysis is the science of decoding those encrypted messages to uncover their meaning.

What is a key-agreement scheme?

A key-agreement protocol in cryptography is a process that allows two or more parties to agree on a key in such a way that both parties influence the outcome. If done correctly, this prevents unwanted third parties from forcing a key choice on the participating parties.

Is RSA a key agreement?

RSA is a type of public-key cryptography. It is used to secure communication among many parties. The exchange encrypts data as it moves electronically using public keys. RSA is an example of asymmetric cryptography, which means it uses a combination of public and private keys to ensure security.


In this article, we got a brief idea about deniable key agreement schemes. Developers should evaluate their security and performance requirements when selecting a protocol to use in a real-world application. It is also critical to understand how the schemes work in practice under different network conditions. Deniability of secure communications methods is still a research topic with many unresolved issues, and the ideal meaning of deniability to use when designing protocols has not been agreed upon yet.

Thank You

Happy Coding!
