Over time, cryptographically deniable systems have come to be associated in computer-science literature with the idea of "denying" evidence in court - specifically, with the ability to convincingly forge evidence in courtroom scenarios and an inability to authenticate evidence in such contexts. Evidentiary processes in courts, however, have been developed over centuries to account for the reality that evidence has always been forgeable, and relies on factors outside of cryptographic models to seek the truth "as well as possible" while acknowledging that all evidence is imperfect. We argue that deniability does not and need not change this paradigm. Our analysis highlights a gap between technical deniability notions and their application to the real world. There will always be factors outside a cryptographic model that influence perceptions of a message's authenticity, in realistic situations. We propose the broader concept of credibility to capture these factors. The credibility of a system is determined by (1) a threshold of quality that a forgery must pass to be "believable" as an original communication, which varies based on sociotechnical context and threat model, (2) the ease of creating a forgery that passes this threshold, which is also context- and threat-model-dependent, and (3) default system retention policy and retention settings. All three aspects are important for designing secure communication systems for real-world threat models, and some aspects of (2) and (3) may be incorporated directly into technical system design. We hope that our model of credibility will facilitate system design and deployment that addresses threats that are not and cannot be captured by purely technical definitions and existing cryptographic models, and support more nuanced discourse on the strengths and limitations of cryptographic guarantees within specific legal and sociotechnical contexts.

翻译：长期以来，密码学可否认系统在计算机科学文献中常与法庭上"否认"证据的概念相关联——具体而言，即指在法庭场景中能够令人信服地伪造证据，以及在此类情境下无法验证证据真实性的能力。然而，法庭的证据程序历经数百年发展，早已考虑到证据始终可被伪造的现实，并依赖密码学模型之外的因素来"尽可能"寻求真相，同时承认所有证据皆非完美。我们认为，可否认性并未也无须改变这一范式。我们的分析揭示了技术性可否认概念与其在现实世界应用之间的差距。在现实情境中，总会存在密码学模型之外的因素影响人们对消息真实性的认知。为此，我们提出更广义的"可信度"概念来涵盖这些因素。一个系统的可信度取决于以下三个方面：(1) 伪造品必须达到的、能够被"信以为真"视为原始通信的质量阈值，该阈值随社会技术背景和威胁模型而变化；(2) 制作出能通过该质量阈值的伪造品的难易程度，这也取决于具体情境和威胁模型；(3) 系统的默认留存策略与留存设置。这三个方面对于设计面向现实世界威胁模型的安全通信系统都至关重要，其中(2)和(3)的某些方面可直接纳入技术系统设计。我们希望，我们提出的可信度模型将有助于系统设计与部署，以应对那些纯粹技术性定义和现有密码学模型无法涵盖的威胁，并支持在特定法律和社会技术背景下，就密码学保证的优势与局限性展开更细致的讨论。