In law, non-repudiation is a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract. The term is often seen in a legal setting when the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".

For example, Mallory buys a cell phone for $100, writes a paper cheque as payment, and signs the cheque with a pen. Later, she finds that she can't afford it, and claims that the cheque is a forgery. The signature guarantees that only Mallory could have signed the cheque, and so Mallory's bank must pay the cheque. This is non-repudiation; Mallory cannot repudiate the cheque. In practice, pen-and-paper signatures aren't hard to forge, but digital signatures can be very hard to break.

In general, non-repudiation involves associating actions or changes with a unique individual. For example, a secure area may use a key card access system where non-repudiation would be violated if key cards were shared or if lost and stolen cards were not immediately reported. Similarly, the owner of a computer account must not allow others to use it, such as by giving away their password, and a policy should be implemented to enforce this.

In digital security, non-repudiation means:
A service that provides proof of the integrity and origin of data.
An authentication that can be said to be genuine with high confidence.
An authentication that the data is available under specific circumstances, or for a period of time: data availability.

Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash such as SHA2 usually ensures that the data will not be changed undetectably. Even with this safeguard, it is possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Because of this, data integrity is best asserted when the recipient already possesses the necessary verification information, such as after being mutually authenticated.
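The integrity point above, as an added example that is not part of the original page: a SHA-256 digest that travels with the data can be recomputed by whoever alters the data, while a check the recipient already holds cannot. The key, messages and function names are constructed for illustration, and HMAC is an assumed form of pre-shared verification information that the page does not name.

```python
import hashlib
import hmac

# Constructed sample values, for illustration only.
SHARED_KEY = b"demo-key-agreed-before-the-transfer"
ORIGINAL = b"Pay shop 100 USD"
ALTERED = b"Pay shop 900 USD"

def digest(msg: bytes) -> str:
    return hashlib.sha256(msg).hexdigest()

def tag(msg: bytes, key: bytes) -> str:
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def alter_in_transit(packet: dict, new_msg: bytes) -> dict:
    """Model a change on the path by someone without the key: the message is
    swapped and the check is recomputed the only way possible, as plain SHA-256."""
    return {"msg": new_msg, "check": digest(new_msg)}

def accept_bundled_digest(packet: dict) -> bool:
    # Recipient trusts the digest that arrived together with the data.
    return hmac.compare_digest(digest(packet["msg"]), packet["check"])

def accept_pinned_digest(packet: dict, pinned: str) -> bool:
    # Recipient compares against a digest it already held before the transfer.
    return hmac.compare_digest(digest(packet["msg"]), pinned)

def accept_hmac(packet: dict, key: bytes) -> bool:
    # Recipient recomputes the tag with the key it already possesses.
    return hmac.compare_digest(tag(packet["msg"], key), packet["check"])

def run_demo() -> dict:
    plain = alter_in_transit({"msg": ORIGINAL, "check": digest(ORIGINAL)}, ALTERED)
    keyed = alter_in_transit({"msg": ORIGINAL, "check": tag(ORIGINAL, SHARED_KEY)}, ALTERED)
    honest = {"msg": ORIGINAL, "check": tag(ORIGINAL, SHARED_KEY)}
    # The recipient holds the same key, so it can mint a valid tag itself.
    self_made = {"msg": ALTERED, "check": tag(ALTERED, SHARED_KEY)}
    return {
        "bundled_digest_accepts_altered": accept_bundled_digest(plain),
        "pinned_digest_accepts_altered": accept_pinned_digest(plain, digest(ORIGINAL)),
        "hmac_accepts_altered": accept_hmac(keyed, SHARED_KEY),
        "hmac_accepts_original": accept_hmac(honest, SHARED_KEY),
        "recipient_can_mint_valid_tag": accept_hmac(self_made, SHARED_KEY),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The last result shows why a shared-key tag gives integrity between two parties but not non-repudiation: either key holder could have produced it, which is the gap a digital signature closes.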
