Deniable messaging protocols allow two parties to have ‘off-the-record’ conversations without leaving any record that can convince external verifiers about what either of them said during the conversation. Recent events like the Podesta email dump underscore the importance of deniable messaging to politicians, whistleblowers, dissidents and many others. Consequently, messaging protocols like Signal and OTR are designed with cryptographic mechanisms to ensure deniable communication, irrespective of whether the communications partner is trusted.
Many commodity devices today support hardware-assisted remote attestation which can be used to convince a remote verifier of some property locally observed on the device.
We show how an adversary can use remote attestation to undetectably generate a non-repudiable transcript from any deniable protocol (including messaging protocols) providing sender authentication, proving to skeptical verifiers what was said. We describe a concrete implementation of the technique using the Signal messaging protocol. We then show how to design protocols that are deniable even against an adversary capable of attestation, and in particular how attestation itself can be used to restore deniability by thwarting realistic classes of adversary.
 N. Asokan, G. Tsudik, and M. Waidner, “Server-supported signatures,” in ESORICS’96: 4th European Symposium on Research in Computer Security, ser. Lecture Notes in Computer Science, E. Bertino, H. Kurth, G. Martella, and E. Montolivo, Eds., vol. 1146. Springer, Heidelberg, Sep. 1996, pp. 131–143.
 R. Bahmani, M. Barbosa, F. Brasser, B. Portela, A.-R. Sadeghi, G. Scerri, and B. Warinschi, “Secure multiparty computation from SGX,” in FC 2017: 21st International Conference on Financial Cryptography and Data Security, ser. Lecture Notes in Computer Science, A. Kiayias, Ed., vol. 10322. Springer, Heidelberg, Apr. 2017, pp. 477–497.
 J. C. Benaloh and D. Tuinstra, “Receipt-free secret-ballot elections (extended abstract),” in 26th Annual ACM Symposium on Theory of Computing. ACM Press, May 1994, pp. 544–553.
 N. Borisov, I. Goldberg, and E. Brewer, “Off-the-record communication, or, why not to use PGP,” in Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES), 2004.
 R. Canetti, “Universally composable security: A new paradigm for cryptographic protocols,” in 42nd Annual Symposium on Foundations of Computer Science. IEEE Computer Society Press, Oct. 2001, pp. 136–145.
 T. Dierks and C. Allen, RFC 2246 - The TLS Protocol Version 1.0, Internet Activities Board, Jan. 1999.
 Y. Dodis, J. Katz, A. Smith, and S. Walfish, “Composability and on-line deniability of authentication,” in TCC 2009: 6th Theory of Cryptography Conference, ser. Lecture Notes in Computer Science, O. Reingold, Ed., vol. 5444. Springer, Heidelberg, Mar. 2009, pp. 146–162.
 D. Kim, B. J. Kwon, and T. Dumitras, “Certified malware: Measuring breaches of trust in the windows code-signing PKI,” in ACM CCS 17: 24th Conference on Computer and Communications Security, B. M. Thuraisingham, D. Evans, T. Malkin, and D. Xu, Eds. ACM Press, Oct. / Nov. 2017, pp. 1435–1448.
 N. Kobeissi, K. Bhargavan, and B. Blanchet, “Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach,” in Proceedings of the IEEE European Symposium on Security and Privacy, 2017.
 P. Kotzias, S. Matic, R. Rivera, and J. Caballero, “Certified PUP: Abuse in authenticode code signing,” in ACM CCS 15: 22nd Conference on Computer and Communications Security, I. Ray, N. Li, and C. Kruegel:, Eds. ACM Press, Oct. 2015, pp. 465–478.
 H. Krawczyk, “SKEME: A versatile secure key exchange mechanism for Internet,” in Proceedings of the Symposium on Network and Distributed System Security, 1996.
 H. Ritzdorf, K. Wüst, A. Gervais, G. Felley, and S. Capkun, “TLS-N: Non-repudiation over TLS enabling - ubiquitous content signing for disintermediation,” Cryptology ePrint Archive, Report 2017/578, 2017, http://eprint.iacr.org/2017/578.
 B. Schneier, Applied Cryptography. Wiley, 1996.
 email@example.com, “Personal communication,” May 2018.
 A. Serhrouchni and I. Hajjeh, “Intégration de la signature numérique au protocole SSL/TLS,” Annales Des Télécommunications, vol. 61, no. 5–6, pp. 522–541, 2006.
 N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith, “SoK: Secure messaging,” in 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, May 2015, pp. 232–249.
 N. Unger and I. Goldberg, “Deniable key exchanges for secure messaging,” in ACM CCS 15: 22nd Conference on Computer and Communications Security, I. Ray, N. Li, and C. Kruegel:, Eds. ACM Press, Oct. 2015, pp. 1211–1223.
 ——, “Improved strongly deniable authenticated key exchanges for secure messaging,” Proceedings on Privacy Enhancing Technologies, vol. 2018, 2018.
 F. Zhang, E. Cecchetti, K. Croman, A. Juels, and E. Shi, “Town crier: An authenticated data feed for smart contracts,” in ACM CCS 16: 23rd Conference on Computer and Communications Security, E. R. Weippl, S. Katzenbeisser, C. Kruegel, A. C. Myers, and S. Halevi, Eds. ACM Press, Oct. 2016, pp. 270–282.