| Summary: | When designing a security protocol, every choice can have far-reaching repercussions. It is therefore useful to know precisely which security goals may be achievable given the protocol structure, and which are proven impossible. In this work we present some preliminary results about static protocols, whose messages do not depend on the sender's secret key, and deniable protocols, whose transcripts do not comprise proof of communication. In particular, we sketch proofs that static protocols cannot achieve explicit authentication of their peer, that they achieve deniability "or free", and that deniable protocols with explicit authentication must use a challenge-response format.
|
|---|