Cryptanalysis on an Enhanced Identity-based Deniable Authentication Protocol

Deniability is defined as a special privacy property which enables protocol principals to deny their participation after they have taken part in a particular protocol run. In 2005, Liao et a]. [121 proposed a variant of Cao et al.'s identity-based (ID-based) deniable authentication protocol [31 by incorporating an additional signature scheme into it to provide extra authentication. This enhancement is then claimed to be able to overcome the alleged weakness of Cao et al.'s protocol, secure and capable of achieving both authenticity and deniability properties simultaneously. However, we find out that the alleged "weakness" of Cao et al.'s protocol is actually required in preserving the deniability of their protocol. Furthermore, in this paper, we also demonstrate that Liao et al.'s protocol is not flawless due to its susceptibility to the KCI attack as well as its inability in satisfying several invaluable security attributes.