This paper addresses the lack of credibility assessment for deniable encryption systems in judicial evidence contexts, noting that traditional cryptographic “deniability” fails to meet courts’ practical requirements for authenticity, forgery resistance, and institutional compatibility. To bridge this gap, the authors propose— for the first time—a formal “credibility” framework that unifies sociotechnical context, adversarial forgery difficulty, and system persistence policies into a coherent evaluation model. Integrating cryptographic deniability theory, evidentiary legal analysis, and sociotechnical modeling, the framework establishes a multi-dimensional credibility assessment method grounded in realistic threat models. Unlike purely technical approaches, it explicitly incorporates legal and institutional constraints, fostering deep alignment between secure communication design and judicial practice. The work provides both theoretical foundations and design guidelines for admissibility criteria of encrypted evidence in court, advancing interdisciplinary rigor at the intersection of cryptography, law, and systems security.

Over time, cryptographically deniable systems have come to be associated in computer-science literature with the idea of "denying" evidence in court - specifically, with the ability to convincingly forge evidence in courtroom scenarios and an inability to authenticate evidence in such contexts. Evidentiary processes in courts, however, have been developed over centuries to account for the reality that evidence has always been forgeable, and relies on factors outside of cryptographic models to seek the truth "as well as possible" while acknowledging that all evidence is imperfect. We argue that deniability does not and need not change this paradigm. Our analysis highlights a gap between technical deniability notions and their application to the real world. There will always be factors outside a cryptographic model that influence perceptions of a message's authenticity, in realistic situations. We propose the broader concept of credibility to capture these factors. The credibility of a system is determined by (1) a threshold of quality that a forgery must pass to be "believable" as an original communication, which varies based on sociotechnical context and threat model, (2) the ease of creating a forgery that passes this threshold, which is also context- and threat-model-dependent, and (3) default system retention policy and retention settings. All three aspects are important for designing secure communication systems for real-world threat models, and some aspects of (2) and (3) may be incorporated directly into technical system design. We hope that our model of credibility will facilitate system design and deployment that addresses threats that are not and cannot be captured by purely technical definitions and existing cryptographic models, and support more nuanced discourse on the strengths and limitations of cryptographic guarantees within specific legal and sociotechnical contexts.