Plausible Deniability in Fully Homomorphic Computation

Shahzad Ahmad; Stefan Rass; Zahra Seyedi

arxiv: 2605.01985 · v1 · submitted 2026-05-03 · 💻 cs.CR

Plausible Deniability in Fully Homomorphic Computation

Shahzad Ahmad , Stefan Rass , Zahra Seyedi This is my paper

Pith reviewed 2026-05-09 16:59 UTC · model grok-4.3

classification 💻 cs.CR

keywords plausible deniabilityhomomorphic computationcoercion resistancedeniable computation schemeFredkin gatesimage embeddingBoolean circuitscloud outsourcing

0 comments

The pith

Embedding multiple computation scenarios in images lets users outsource tasks to the cloud while revealing only a verifiable decoy under coercion.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes a framework for outsourcing Boolean computations to an untrusted cloud that preserves computational privacy against curious providers and adds plausible deniability against coercive adversaries. Multiple scenarios, one real and the rest decoys, are placed at secret positions inside cover images so the cloud applies identical pixel-wise operations to every scenario without learning which is genuine. If coerced, the user discloses a decoy computation whose results can be checked for correctness while the real computation stays hidden. A sympathetic reader would care because this supplies protection against forced disclosure that ordinary homomorphic encryption cannot provide, even when the cloud follows the protocol honestly.

Core claim

The central claim is that a Deniable Computation Scheme can be realized by embedding one real and several decoy Fredkin-gate circuits at unknown positions within RGB cover images; the cloud then executes identical operations across all pixels, yielding computational privacy with distinguishing advantage Theta(1/(n-1)!) for the real scenario and negligible advantage for revealing the existence of other scenarios, so that a coerced user can supply a verifiable decoy result while the genuine computation remains concealed.

What carries the argument

The Deniable Computation Scheme (DCS) realized through RGB images in which secret-positioned circuits receive uniform cloud operations, permitting independent verification of any chosen decoy without exposing the hidden real path.

If this is right

A coerced user can hand over a complete, verifiable decoy computation without exposing the actual outsourced task.
The probability of correctly identifying the real scenario among n possibilities decreases factorially as the number of decoys grows.
Boolean circuits of moderate size can be executed with performance comparable to existing fully homomorphic libraries while adding coercion resistance.
The same uniform processing works for any number of decoys without requiring the cloud to know or select among them.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same embedding principle could be tested on other uniform-operation media such as audio streams or voxel data if the underlying gate set permits identical parallel processing.
Combining the deniability layer with existing fully homomorphic libraries might allow users to choose between pure performance and added coercion protection depending on threat model.
Empirical measurement of real-world coercion success rates would provide a practical calibration for the theoretical advantage bounds given in the coercion games.

Load-bearing premise

That the cloud's identical operations on all embedded scenarios inside the image do not allow an adversary to distinguish the real computation from the decoys.

What would settle it

An efficient adversary that distinguishes the real scenario from the decoys with advantage substantially larger than 1 over (n-1)! after multiple rounds of the defined coercion game would falsify the claimed privacy bound.

read the original abstract

We introduce \emph{Plausible Deniability in Fully Homomorphic Computation} (PD-FHC), a framework enabling users to outsource Boolean computations to an untrusted cloud while maintaining both computational privacy against honest-but-curious providers and plausible deniability against coercive adversaries. We define the notion of a \emph{Deniable Computation Medium} (DCM) and a \emph{Deniable Computation Scheme} (DCS) as medium-independent abstractions, then instantiate them using RGB images with Fredkin-gate circuits. Multiple computation scenarios (one real, several decoys) are embedded at secret positions within cover images; the cloud applies identical operations to every pixel, processing all scenarios uniformly. Under coercion, the user reveals a decoy computation with verifiable results while the real computation remains hidden. We formalize multi-round coercion games with existence and intent distinguishing advantages, proving computational privacy with advantage $\Theta(1/(n-1)!)$ and negligible existence-hiding advantage for the image instantiation. Our Python implementation, benchmarked across circuit sizes (5--289 gates) and image dimensions ($128^2$ to $512^2$), demonstrates competitive performance with TFHE for Boolean circuits while providing deniability that FHE fundamentally cannot offer.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper gives a concrete construction for adding plausible deniability to outsourced Boolean circuit evaluation by embedding multiple scenarios in images and running the same reversible Fredkin-gate operations on all of them.

read the letter

The core contribution is a way to let a user outsource computation while keeping a real scenario hidden even under coercion. Multiple inputs sit at secret positions inside a cover image; the cloud applies identical pixel-wise operations to every one, and the user can later reveal any consistent decoy pair that verifies correctly. The reversibility of Fredkin gates makes the decoy results check out without exposing the real computation. They formalize this with DCM and DCS abstractions plus multi-round coercion games, claiming computational privacy advantage roughly 1 over (n-1)! and negligible existence-hiding advantage for the image case. A Python implementation is included with benchmarks against TFHE on circuits up to a few hundred gates and images up to 512 squared, showing competitive runtimes while adding the deniability property that standard FHE lacks. The uniform-processing step plus secret positions is the key mechanism that supports both hiding and verifiable decoys. The security bounds are stated explicitly, but the full game definitions and reduction steps are not visible in the abstract, so the tightness of the factorial term and the exact assumptions on the cover image need checking in the body. The work stays scoped to Boolean circuits and RGB images, which keeps the construction clean but limits immediate generalization. The central assumption—that uniform reversible operations on embedded scenarios suffice to hide the real one—lines up with the reversibility property and does not appear circular on the surface. This is useful reading for people working on coercion-resistant cloud privacy or extensions of FHE to handle adversarial pressure. A cryptographer interested in deniable encryption or verifiable outsourced computation would get value from the new games and the working implementation. The idea is distinct enough from prior FHE literature and comes with enough concrete material that it deserves a serious referee, even if the proofs will likely need expansion and the scope will draw comments.

Referee Report

1 major / 2 minor

Summary. The paper introduces PD-FHC, a framework for plausible deniability in fully homomorphic computation. It defines Deniable Computation Medium (DCM) and Deniable Computation Scheme (DCS) abstractions, then instantiates them via RGB images embedding multiple computation scenarios (one real, n-1 decoys) at secret positions. The cloud applies identical pixel-wise Fredkin-gate circuits uniformly to all scenarios. Under coercion the user reveals any consistent decoy input/output pair while the real computation remains hidden. Multi-round coercion games are formalized with existence and intent distinguishing advantages; the image instantiation is proven to achieve computational privacy advantage Θ(1/(n-1)!) and negligible existence-hiding advantage. A Python implementation is benchmarked on circuits of 5–289 gates and images up to 512², claiming competitiveness with TFHE while adding deniability.

Significance. If the security reductions hold, the work supplies a concrete, medium-independent abstraction together with an explicit, non-negligible privacy bound and a practical reversible-circuit instantiation that standard FHE cannot provide. The uniform-processing property of the Fredkin instantiation directly supports both decoy verifiability and real-scenario hiding, and the supplied implementation plus benchmark data constitute a reproducible artifact that strengthens the contribution.

major comments (1)

[§5] §5 (Security Analysis), Theorem 1: the stated computational-privacy advantage Θ(1/(n-1)!) is load-bearing for the central claim, yet the reduction steps, game definitions, and exact counting argument that produces the factorial are not visible in the provided excerpt; an explicit sequence of game hops showing how the adversary’s view is independent of the real scenario’s position is required to confirm the bound is tight and non-circular.

minor comments (2)

[Abstract, §6] Abstract and §6 (Implementation): the performance comparison with TFHE should report concrete wall-clock times or gate-throughputs rather than the qualitative phrase “competitive performance” so that readers can assess the overhead of the deniability mechanism.
[§3] Notation: the paper introduces DCM and DCS but does not always distinguish whether a property is required of the medium or of the scheme; a short table mapping each security property to the appropriate definition would improve readability.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the careful reading and the recommendation for minor revision. The comment on the security analysis is well-taken and we address it directly below.

read point-by-point responses

Referee: [§5] §5 (Security Analysis), Theorem 1: the stated computational-privacy advantage Θ(1/(n-1)!) is load-bearing for the central claim, yet the reduction steps, game definitions, and exact counting argument that produces the factorial are not visible in the provided excerpt; an explicit sequence of game hops showing how the adversary’s view is independent of the real scenario’s position is required to confirm the bound is tight and non-circular.

Authors: We agree that the excerpt may not have rendered the full proof details visible. The complete manuscript defines the multi-round coercion games (existence and intent distinguishing advantages) in §5 and proves Theorem 1 via a reduction that counts the number of consistent decoy assignments. The Θ(1/(n-1)!) advantage follows because the uniform Fredkin-gate processing renders every permutation of the n-1 decoy positions equally likely; the adversary must therefore guess the secret real-scenario index among (n-1)! equally plausible candidates. To make the argument fully explicit and non-circular, we will add a short sequence of game hops in the revised §5: G0 (real secret position), G1 (random but fixed position), G2 (all scenarios processed identically via the same circuit), and G3 (adversary view independent of real index). Each hop is justified by the secret embedding and the reversible, position-agnostic nature of the Fredkin gates. We believe this expansion will confirm both the bound and its tightness. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper introduces new abstractions (DCM and DCS) and formalizes multi-round coercion games as part of its framework, then proves distinguishing advantages directly for the RGB-image + Fredkin-gate instantiation. These steps rely on the explicit construction (secret-position embedding, uniform pixel-wise reversible operations, and decoy revelation) rather than reducing to fitted parameters, self-citations, or prior results by the same authors. No equations or claims in the provided text equate a prediction to its input by construction, smuggle an ansatz via citation, or rename a known result; the derivation remains self-contained against the stated assumptions.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 2 invented entities

Only the abstract is available, so the ledger reflects concepts introduced there; the central claim depends on the security of the image embedding and uniform pixel operations plus standard cryptographic assumptions for the privacy proofs.

axioms (1)

domain assumption Security properties of the underlying primitives for homomorphic computation and image processing
Invoked to support the computational privacy and negligible existence-hiding claims.

invented entities (2)

Deniable Computation Medium (DCM) no independent evidence
purpose: Abstract medium enabling deniable computation
Newly defined to support the framework.
Deniable Computation Scheme (DCS) no independent evidence
purpose: Scheme realizing deniable computation on a medium
Newly defined to support the framework.

pith-pipeline@v0.9.0 · 5517 in / 1411 out tokens · 34925 ms · 2026-05-09T16:59:11.641687+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

25 extracted references · 8 canonical work pages

[1]

Microsoft SEAL: Fast and Easy-to-Use Homomorphic Encryption Library, https: //www.microsoft.com/en-us/research/project/microsoft-seal/
[2]

Aciiçmez, O., Koç, c.K., Seifert, J.P.: On the power of simple branch prediction analysis (2007), https://doi.org/10.1145/1229285.1266999

work page doi:10.1145/1229285.1266999 2007
[3]

IEEE Access pp

Ahmad, S., Rass, S.: Prost: Provably secure homomorphic steganography. IEEE Access pp. 1–1 (2026). https://doi.org/10.1109/ACCESS.2026.3656995

work page doi:10.1109/access.2026.3656995 2026
[4]

Cryptology ePrint Archive, Paper 2022/915 (2022), https://eprint.iacr.org/2022/915 22 S

Badawi, A.A., Alexandru, A., Bates, J., Bergamaschi, F., et al.: OpenFHE: Open- source fully homomorphic encryption library. Cryptology ePrint Archive, Paper 2022/915 (2022), https://eprint.iacr.org/2022/915 22 S. Ahmad et al

2022
[5]

Bellare, M., Hoang, V.T.: Succinctly-Committing Authenticated Encryption (2024), https://eprint.iacr.org/2024/875, publication info: A major revision of an IACR publication in CRYPTO 2024

2024
[6]

Unknown where it was published

Brakerski, Z., Vaikuntanathan, V.: Eﬀicient Fully Homomorphic Encryption from (Standard) L WE (2011), https://eprint.iacr.org/2011/344, publication info: Published elsewhere. Unknown where it was published

2011
[7]

Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical (Aug 2017), https://www.usenix.org/conference/woot17/workshop-program/ presentation/brasser

2017
[8]

991–1008 (Aug 2018), https://www.usenix.org/conference/usenixsecurity18/ presentation/bulck

Bulck, J.V., Minkin, M., Weisse, O., Genkin, D., et al.: Foreshadow: Extract- ing the keys to the intel SGX kingdom with transient Out-of-Order execution p. 991–1008 (Aug 2018), https://www.usenix.org/conference/usenixsecurity18/ presentation/bulck

2018
[9]

In: Kaliski, B

Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski, B. (ed.) ADV ANCES IN CRYPTOLOGY - CRYPTO’97, PROCEEDINGS. LNCS, vol. 1294, pp. 90–104 (1997)

1997
[10]

Journal of Cryptology 33(1), 34–91 (Jan 2020), https://doi.org/10.1007/s00145-019-09319-x

Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: Fast Fully Ho- momorphic Encryption Over the Torus. Journal of Cryptology 33(1), 34–91 (Jan 2020), https://doi.org/10.1007/s00145-019-09319-x

work page doi:10.1007/s00145-019-09319-x 2020
[11]

Costan, V., Devadas, S.: Intel SGX Explained (2016), https://eprint.iacr.org/ 2016/086, publication info: Preprint

2016
[12]

In: Adamatzky, A

Fredkin, E., Toffoli, T.: Conservative Logic. In: Adamatzky, A. (ed.) Collision- Based Computing, pp. 47–81. Springer, London (2002). https://doi.org/10. 1007/978-1-4471-0129-1_3 , https://doi.org/10.1007/978-1-4471-0129-1_3

work page doi:10.1007/978-1-4471-0129-1_3 2002
[13]

Cambridge University Press, USA (2009)

Fridrich, J.: Steganography in digital media: Principles, algorithms, and applica- tions. Cambridge University Press, USA (2009)

2009
[14]

In: Pro- ceedings of the Forty-First Annual ACM Symposium on Theory of Com- puting

Gentry, C.: Fully homomorphic encryption using ideal lattices (2009). https://doi.org/10.1145/1536414.1536440, https://www.semanticscholar. org/paper/6e6e67042c647b8dd6818f893cbe1ffd474636a3

work page doi:10.1145/1536414.1536440 2009
[15]

Proceed- ings of the nineteenth annual ACM symposium on Theory of computing (1987), https://api.semanticscholar.org/CorpusID:6669082

Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. Proceed- ings of the nineteenth annual ACM symposium on Theory of computing (1987), https://api.semanticscholar.org/CorpusID:6669082

1987
[16]

In: 2012 IEEE International Workshop on Information Forensics and Se- curity (WIFS)

Holub, V., Fridrich, J.: Designing steganographic distortion using directional fil- ters. In: 2012 IEEE International Workshop on Information Forensics and Se- curity (WIFS). pp. 234–239. IEEE, Costa Adeje - Tenerife, Spain (Dec 2012). https://doi.org/10.1109/WIFS.2012.6412655, http://ieeexplore.ieee.org/ document/6412655/

work page doi:10.1109/wifs.2012.6412655 2012
[17]

Kaplan, D.: AMD x86 Memory Encryption Technologies (2016), https: //www.usenix.org/conference/usenixsecurity16/technical-sessions/ presentation/kaplan

2016
[18]

In: Geffert, V., Karhumäki, J., Bertoni, A., Preneel, B., Návrat, P., Bieliková, M

Klonowski, M., Kubiak, P., Kutyłowski, M.: Practical Deniable Encryption. In: Geffert, V., Karhumäki, J., Bertoni, A., Preneel, B., Návrat, P., Bieliková, M. (eds.) SOFSEM 2008: Theory and Practice of Computer Science, vol. 4910, pp. 599–609. Springer Berlin Heidelberg, Berlin, Heidelberg (2008), http://link.springer. com/10.1007/978-3-540-77566-9_52 , se...

work page doi:10.1007/978-3-540-77566-9_52 2008
[19]

In: Pfitzmann, A

McDonald, A., Kuhn, M.: StegFS: A steganographic file system for Linux. In: Pfitzmann, A. (ed.) INFORMATION HIDING, PROCEEDINGS. Lecture Notes in Computer Science, vol. 1768, pp. 463–477 (2000) Plausible Deniability in Fully Homomorphic Computation 23

2000
[20]

469–486 (Aug 2020), https://www.usenix.org/conference/usenixsecurity20/presentation/ moghimi-copycat

Moghimi, D., Bulck, J.V., Heninger, N., Piessens, F., Sunar, B.: Copy- Cat: Controlled Instruction-Level attacks on enclaves pp. 469–486 (Aug 2020), https://www.usenix.org/conference/usenixsecurity20/presentation/ moghimi-copycat

2020
[21]

In: Rog- away, P

O’Neill, A., Peikert, C., Waters, B.: Bi-Deniable Public-Key Encryption. In: Rog- away, P. (ed.) ADV ANCES IN CRYPTOLOGY - CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 525–542. Int Assoc Cryptol Res; Univ Calif Santa Barbara, Comp Sci Dept; IEEE Comp Soc Tech Comm Secur & Privacy (2011)

2011
[22]

In: Böhme, R., Fong, P.W.L., Safavi-Naini, R

Pevný, T., Filler, T., Bas, P.: Using High-Dimensional Image Models to Perform Highly Undetectable Steganography. In: Böhme, R., Fong, P.W.L., Safavi-Naini, R. (eds.) Information Hiding. pp. 161–177. Springer, Berlin, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16435-4_13

work page doi:10.1007/978-3-642-16435-4_13 2010
[23]

2015 IEEE Trustcom/BigDataSE/ISPA 1, 57–64 (2015), https://api.semanticscholar.org/CorpusID:195917113

Sabt, M., Achemlal, M., Bouabdallah, A.: Trusted execution environment: What it is, and what it is not. 2015 IEEE Trustcom/BigDataSE/ISPA 1, 57–64 (2015), https://api.semanticscholar.org/CorpusID:195917113

2015
[24]

TrueCrypt Foundation: Truecrypt (2004–2014), https://www.truecrypt.org/, software

2004
[25]

23rd Annual Symposium on Foundations of Computer Science (sfcs 1982) pp

Yao, A.C.C.: Protocols for secure computations. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982) pp. 160–164 (1982), https://api. semanticscholar.org/CorpusID:62613325 A Full Proofs This appendix provides complete proofs for the theorems stated in Section 7. A.1 Proof of Theorem 1 (Privacy of Deniable Computation) Proof. We reduce the ...

1982

[1] [1]

Microsoft SEAL: Fast and Easy-to-Use Homomorphic Encryption Library, https: //www.microsoft.com/en-us/research/project/microsoft-seal/

[2] [2]

Aciiçmez, O., Koç, c.K., Seifert, J.P.: On the power of simple branch prediction analysis (2007), https://doi.org/10.1145/1229285.1266999

work page doi:10.1145/1229285.1266999 2007

[3] [3]

IEEE Access pp

Ahmad, S., Rass, S.: Prost: Provably secure homomorphic steganography. IEEE Access pp. 1–1 (2026). https://doi.org/10.1109/ACCESS.2026.3656995

work page doi:10.1109/access.2026.3656995 2026

[4] [4]

Cryptology ePrint Archive, Paper 2022/915 (2022), https://eprint.iacr.org/2022/915 22 S

Badawi, A.A., Alexandru, A., Bates, J., Bergamaschi, F., et al.: OpenFHE: Open- source fully homomorphic encryption library. Cryptology ePrint Archive, Paper 2022/915 (2022), https://eprint.iacr.org/2022/915 22 S. Ahmad et al

2022

[5] [5]

Bellare, M., Hoang, V.T.: Succinctly-Committing Authenticated Encryption (2024), https://eprint.iacr.org/2024/875, publication info: A major revision of an IACR publication in CRYPTO 2024

2024

[6] [6]

Unknown where it was published

Brakerski, Z., Vaikuntanathan, V.: Eﬀicient Fully Homomorphic Encryption from (Standard) L WE (2011), https://eprint.iacr.org/2011/344, publication info: Published elsewhere. Unknown where it was published

2011

[7] [7]

Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical (Aug 2017), https://www.usenix.org/conference/woot17/workshop-program/ presentation/brasser

2017

[8] [8]

991–1008 (Aug 2018), https://www.usenix.org/conference/usenixsecurity18/ presentation/bulck

Bulck, J.V., Minkin, M., Weisse, O., Genkin, D., et al.: Foreshadow: Extract- ing the keys to the intel SGX kingdom with transient Out-of-Order execution p. 991–1008 (Aug 2018), https://www.usenix.org/conference/usenixsecurity18/ presentation/bulck

2018

[9] [9]

In: Kaliski, B

Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski, B. (ed.) ADV ANCES IN CRYPTOLOGY - CRYPTO’97, PROCEEDINGS. LNCS, vol. 1294, pp. 90–104 (1997)

1997

[10] [10]

Journal of Cryptology 33(1), 34–91 (Jan 2020), https://doi.org/10.1007/s00145-019-09319-x

Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: Fast Fully Ho- momorphic Encryption Over the Torus. Journal of Cryptology 33(1), 34–91 (Jan 2020), https://doi.org/10.1007/s00145-019-09319-x

work page doi:10.1007/s00145-019-09319-x 2020

[11] [11]

Costan, V., Devadas, S.: Intel SGX Explained (2016), https://eprint.iacr.org/ 2016/086, publication info: Preprint

2016

[12] [12]

In: Adamatzky, A

Fredkin, E., Toffoli, T.: Conservative Logic. In: Adamatzky, A. (ed.) Collision- Based Computing, pp. 47–81. Springer, London (2002). https://doi.org/10. 1007/978-1-4471-0129-1_3 , https://doi.org/10.1007/978-1-4471-0129-1_3

work page doi:10.1007/978-1-4471-0129-1_3 2002

[13] [13]

Cambridge University Press, USA (2009)

Fridrich, J.: Steganography in digital media: Principles, algorithms, and applica- tions. Cambridge University Press, USA (2009)

2009

[14] [14]

In: Pro- ceedings of the Forty-First Annual ACM Symposium on Theory of Com- puting

Gentry, C.: Fully homomorphic encryption using ideal lattices (2009). https://doi.org/10.1145/1536414.1536440, https://www.semanticscholar. org/paper/6e6e67042c647b8dd6818f893cbe1ffd474636a3

work page doi:10.1145/1536414.1536440 2009

[15] [15]

Proceed- ings of the nineteenth annual ACM symposium on Theory of computing (1987), https://api.semanticscholar.org/CorpusID:6669082

Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. Proceed- ings of the nineteenth annual ACM symposium on Theory of computing (1987), https://api.semanticscholar.org/CorpusID:6669082

1987

[16] [16]

In: 2012 IEEE International Workshop on Information Forensics and Se- curity (WIFS)

Holub, V., Fridrich, J.: Designing steganographic distortion using directional fil- ters. In: 2012 IEEE International Workshop on Information Forensics and Se- curity (WIFS). pp. 234–239. IEEE, Costa Adeje - Tenerife, Spain (Dec 2012). https://doi.org/10.1109/WIFS.2012.6412655, http://ieeexplore.ieee.org/ document/6412655/

work page doi:10.1109/wifs.2012.6412655 2012

[17] [17]

Kaplan, D.: AMD x86 Memory Encryption Technologies (2016), https: //www.usenix.org/conference/usenixsecurity16/technical-sessions/ presentation/kaplan

2016

[18] [18]

In: Geffert, V., Karhumäki, J., Bertoni, A., Preneel, B., Návrat, P., Bieliková, M

Klonowski, M., Kubiak, P., Kutyłowski, M.: Practical Deniable Encryption. In: Geffert, V., Karhumäki, J., Bertoni, A., Preneel, B., Návrat, P., Bieliková, M. (eds.) SOFSEM 2008: Theory and Practice of Computer Science, vol. 4910, pp. 599–609. Springer Berlin Heidelberg, Berlin, Heidelberg (2008), http://link.springer. com/10.1007/978-3-540-77566-9_52 , se...

work page doi:10.1007/978-3-540-77566-9_52 2008

[19] [19]

In: Pfitzmann, A

McDonald, A., Kuhn, M.: StegFS: A steganographic file system for Linux. In: Pfitzmann, A. (ed.) INFORMATION HIDING, PROCEEDINGS. Lecture Notes in Computer Science, vol. 1768, pp. 463–477 (2000) Plausible Deniability in Fully Homomorphic Computation 23

2000

[20] [20]

469–486 (Aug 2020), https://www.usenix.org/conference/usenixsecurity20/presentation/ moghimi-copycat

Moghimi, D., Bulck, J.V., Heninger, N., Piessens, F., Sunar, B.: Copy- Cat: Controlled Instruction-Level attacks on enclaves pp. 469–486 (Aug 2020), https://www.usenix.org/conference/usenixsecurity20/presentation/ moghimi-copycat

2020

[21] [21]

In: Rog- away, P

O’Neill, A., Peikert, C., Waters, B.: Bi-Deniable Public-Key Encryption. In: Rog- away, P. (ed.) ADV ANCES IN CRYPTOLOGY - CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 525–542. Int Assoc Cryptol Res; Univ Calif Santa Barbara, Comp Sci Dept; IEEE Comp Soc Tech Comm Secur & Privacy (2011)

2011

[22] [22]

In: Böhme, R., Fong, P.W.L., Safavi-Naini, R

Pevný, T., Filler, T., Bas, P.: Using High-Dimensional Image Models to Perform Highly Undetectable Steganography. In: Böhme, R., Fong, P.W.L., Safavi-Naini, R. (eds.) Information Hiding. pp. 161–177. Springer, Berlin, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16435-4_13

work page doi:10.1007/978-3-642-16435-4_13 2010

[23] [23]

2015 IEEE Trustcom/BigDataSE/ISPA 1, 57–64 (2015), https://api.semanticscholar.org/CorpusID:195917113

Sabt, M., Achemlal, M., Bouabdallah, A.: Trusted execution environment: What it is, and what it is not. 2015 IEEE Trustcom/BigDataSE/ISPA 1, 57–64 (2015), https://api.semanticscholar.org/CorpusID:195917113

2015

[24] [24]

TrueCrypt Foundation: Truecrypt (2004–2014), https://www.truecrypt.org/, software

2004

[25] [25]

23rd Annual Symposium on Foundations of Computer Science (sfcs 1982) pp

Yao, A.C.C.: Protocols for secure computations. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982) pp. 160–164 (1982), https://api. semanticscholar.org/CorpusID:62613325 A Full Proofs This appendix provides complete proofs for the theorems stated in Section 7. A.1 Proof of Theorem 1 (Privacy of Deniable Computation) Proof. We reduce the ...

1982