Most cryptographic algorithms provide a means for secret and authentic communication. However, under many circumstances, the ability to repudiate messages or deny a conversation is no less important than secrecy and authenticity. For whistleblowers, informants, political dissidents and journalists -to name a few -it is most important to have means for deniable conversation, where electronic communication must mimic face-to-face private meetings. Off-the-Record Messaging, proposed in 2004 by

more »

... sov, Goldberg and Brewer, and its subsequent improvements, simulate private two-party meetings. Despite some attempts, the multiparty scenario remains unresolved. In this paper, we first identify the properties of multiparty private meetings. We illustrate the differences not only between the physical and electronic medium but also between two-and multi-party scenarios, which have important implications for the design of private chatrooms. We then propose a solution to multi-party off-the-record instant messaging that satisfies the above properties. Our solution is also composable with extensions that provide other properties, such as anonymity.