What is the difference between authenticity and non-repudiation?

Authenticity is about one party (say, Alice) interacting with another (Bob) to convince Bob that some data really comes from Alice.

Non-repudiation is about Alice showing to Bob a proof that some data really comes from Alice, such that not only is Bob convinced, but Bob also gets the assurance that he could show the same proof to Charlie, and Charlie would be convinced, too, even if Charlie does not trust Bob.

Therefore, a protocol which provides non-repudiation necessarily provides authenticity as a byproduct; in a way, authenticity is a sub-concept of non-repudiation. However, there are ways to provide authenticity (only) which are vastly more efficient than known methods to achieve signatures (authenticity can be obtained with a Message Authentication Code whereas non-repudiation requires a Digital Signature with much more involved mathematics). For this reason, it makes sense to use "authenticity" as a separate concept.

SSL/TLS is a tunneling protocol which provides authenticity (the client is sure to talk to the intended server) but not non-repudiation (the client cannot record the session and show it as proof, in case of a legal dispute with the server, because it would be easy to build a totally fake session record).
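The MAC-versus-signature distinction in the answer above, as an added example that is not part of the original answer: Alice and Bob share an HMAC key, so Bob can mint a valid tag himself and a valid tag therefore proves nothing to Charlie; a signature verifies under Alice's public key alone and Bob cannot carry it over to altered text. The signature scheme used is a Lamport one-time signature, chosen only because it is a real public-key signature that needs nothing beyond Python's standard library; the message texts are constructed samples.

```python
import hashlib
import hmac
import secrets

# Authenticity only: HMAC under a key that Alice and Bob both hold.
def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)

# Non-repudiation: Lamport one-time signature over SHA-256 (stdlib-only public-key signature).
def lamport_keygen():
    # secret key: one pair of random 32-byte values per bit of H(msg)
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    # public key: the SHA-256 of every secret value
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    h = hashlib.sha256(msg).digest()
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    # reveal, for each bit of H(msg), the secret value that matches that bit
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hashlib.sha256(s).digest() == pk[i][b]
        for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def demo():
    msg = b"Alice agrees to pay Bob 100 EUR"       # constructed sample message
    altered = b"Alice agrees to pay Bob 1000 EUR"  # text Bob would like to show Charlie
    # MAC: Bob verifies Alice's tag, but with the same key he can mint a tag on
    # text Alice never sent, so a valid tag proves nothing to Charlie.
    k = secrets.token_bytes(32)
    alice_tag, bob_forgery = mac_tag(k, msg), mac_tag(k, altered)
    # Signature: only Alice holds sk; Bob and Charlie verify with pk alone, and
    # Bob cannot sign the altered text (reusing Alice's signature fails).
    sk, pk = lamport_keygen()
    alice_sig = lamport_sign(sk, msg)
    return {
        "mac_verifies_for_bob": mac_verify(k, msg, alice_tag),
        "mac_forgery_by_bob_also_verifies": mac_verify(k, altered, bob_forgery),
        "sig_verifies_for_charlie": lamport_verify(pk, msg, alice_sig),
        "sig_reused_on_altered_text_verifies": lamport_verify(pk, altered, alice_sig),
    }
```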


Authentication and non-repudiation are two different sorts of concepts.

  • Authentication is a technical concept: e.g., it can be solved through cryptography.

  • Non-repudiation is a legal concept: e.g., it can only be solved through legal and social processes (possibly aided by technology).

Some people have been taught that non-repudiation can be provided through crypto-mathematics alone. However, that is not correct.


Why would you want authentication?

To know that an e-mail, piece of software, web site, or other item originated from a specific person, computer system, or company. Generally you are using the identity of origin as part of a decision about trust.

If an e-mail comes from your bank and you authenticate the e-mail, you place a certain amount of trust in the contents. If an e-mail comes from an adversary, but claims to come from your bank, and you are unable to authenticate the e-mail, you distrust the contents of the e-mail.

Authentication is used to verify identity. Identity is the claim that an individual is a specific person. Authentication is an attempt to verify a claim about identity. I can claim to be Margaret Thatcher, but since I am not Margaret Thatcher I should not be able to authenticate my claim.

Why would you want non-repudiation?

To prove that a person said a particular sentence, typed a specific phrase, or performed a specific action. To repudiate is to claim that whatever was said, typed, communicated, or performed was not done by you (or the person in question).

If someone claims that George Carlin used swear words, and George Carlin attempts to repudiate the claim, it is easy to prove that he has used swear words. There is evidence that George Carlin has used swear words. If George Carlin cannot repudiate the claim about swear words, the evidence provides non-repudiation.

Non-repudiation is an active attempt to create artifacts which may be used against an identified person who is denying that they are the origin of a communication or action. The artifacts are identity, authentication of the identity, and something connecting a communication or action to the identity.

In the George Carlin example there are legal documents that record the testimony of many witnesses who identified and authenticated George Carlin and witnessed him using swear words. This is a passive and accidental production of artifacts connecting an action to an identity.

In security we want active purposeful production of artifacts that may assist in a non-repudiation argument. In order to do that we must identify an entity, authenticate the identity and connect the identified entity to a specific action or communication.

Some people use public/private key certificates to sign their email. By using their e-mail address they are providing identification. Their use of a private key (to sign the e-mail) provides authentication as long as the private key is known only by the individual. When they sign an e-mail with their digital signature they are connecting the content of the e-mail to the identity authenticated by the certificate. These artifacts may assist in preventing an individual from repudiating the contents of the e-mail; "I never sent that e-mail." However, to repudiate the e-mail a sender may claim that their private key was stolen (known by another party) and the thief sent the e-mail.