Deniable Encryption in a Quantum World
Abstract
(Sender-)Deniable encryption provides a very strong privacy guarantee: a sender who is coerced by an attacker into "opening" their ciphertext after-the-fact is able to generate "fake" local random choices that are consistent with any plaintext of their choice. In this work, we study (sender-)deniable encryption in a setting where the encryption procedure is a quantum algorithm, but the ciphertext is classical. We show that quantum computation unlocks a fundamentally stronger form of deniable encryption, which we call perfect unexplainability. The primitive at the heart of unexplainability is a quantum computation for which there is provably no efficient way, such as exhibiting the "history of the computation", to establish that the output was indeed the result of the computation. We give a construction that is secure in the random oracle model, assuming the quantum hardness of LWE. Crucially, this notion implies a form of protection against coercion "before-the-fact", a property that is impossible to achieve classically.
Keywords
Cite
@article{arxiv.2112.14988,
title = {Deniable Encryption in a Quantum World},
author = {Andrea Coladangelo and Shafi Goldwasser and Umesh Vazirani},
journal= {arXiv preprint arXiv:2112.14988},
year = {2025}
}
Comments
A previous version of this paper also included an alternative notion of quantum deniability called "$\ell$-deniability'', and proposed a construction that was mistakenly claimed to be "1-deniable'' assuming LWE. This construction was later found to be insecure, and thus all discussion of "$\ell$-deniability'' has been removed. All other contributions are unaffected