Introduced by von Ahn et al. (STOC’05), covert two-party computation is an appealing cryptographic primitive that allows Alice and Bob to securely evaluate a function on their secret inputs in a steganographic manner, i.e., even the existence of a computation is oblivious to each party - unless the output of the function is favourable to both. A prominent form of covert computation is covert authentication, where Alice and Bob want to authenticate each other based on their credentials, in a way such that the party who does not hold the appropriate credentials cannot pass the authentication and is even unable to distinguish a protocol instance from random noise. Jarecki (PKC’14) put forward a blueprint for designing covert authentication protocols, relying on a covert conditional key-encapsulation mechanism, an identity escrow scheme, a covert commitment scheme and a Σ -protocol satisfying several specific properties. He also proposed an instantiation based on the Strong RSA, the D