Encrypt-to-Self: Securely Outsourcing Storage

Pijnenburg, Jeroen; Poettering, Bertram

doi:10.1007/978-3-030-58951-6_31

Cited by 3 publications

(37 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Encrypt-to-Self primitive emerged only very recently and little directly related work seems to exist. We already pointed to [11,12] as our main sources of inspiration, and to the work of Dodis et al [4] for a quite similar solution for a different problem. In [11], PP identify the topics of memory encryption, password managers, and encryptment (a notion related to instant messaging) as related to EtS, although there doesn't really seem to be a considerable overlap.…”

Section: Introductionmentioning

confidence: 86%

“…We already pointed to [11,12] as our main sources of inspiration, and to the work of Dodis et al [4] for a quite similar solution for a different problem. In [11], PP identify the topics of memory encryption, password managers, and encryptment (a notion related to instant messaging) as related to EtS, although there doesn't really seem to be a considerable overlap. Finally, we note that EtS-like tools have been proposed for the state management of TLS 1.3 variants [2].…”

Section: Introductionmentioning

confidence: 86%

“…The security analyses in our article are conducted with respect to the security model formalized in [11], we replicate the security model for completeness. Security games are parameterized by an adversary, and consist of a main game body plus zero or more oracle specifications.…”

Section: Security Gamesmentioning

confidence: 99%

“…This results in a substantial saving of computational work. Figure 1 provides an overview of (a simplified version of) the EtS scheme from [11]. 1 Function represents the compression function of a Merkle-Damgård (MD) hash function, that is, it takes bits of data input and bits of chain input, and (deterministically) transforms these inputs to bits of chain output.…”

Section: Introductionmentioning

confidence: 99%

“…We note that implementing this will require shifting every message byte in computer memory by one position. It turns out that due to the word-wise organization of computer memory, a shift-by-one operation is considerably more expensive that one might assume Figure 1: Principle of the EtS construction from [11]. (Less important details were removed for clarity.)…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Efficiency Improvements for Encrypt-to-Self

Pijnenburg

Poettering

2020

Proceedings of the 2nd Workshop on Cyber-Security Arms Race

Self Cite

View full text Add to dashboard Cite

Recent work by Pijnenburg and Poettering (ESORICS'20) explores the novel cryptographic Encrypt-to-Self primitive that is dedicated to use cases of symmetric encryption where encryptor and decryptor coincide. The primitive is envisioned to be useful whenever a memory-bounded computing device is required to encrypt some data with the aim of temporarily depositing it on an untrusted storage device. While the new primitive protects the confidentiality of payloads as much as classic authenticated encryption primitives would do, it provides considerably better authenticity guarantees: Specifically, while classic solutions would completely fail in a context involving user corruptions, if an encrypt-to-self scheme is used to protect the data, all ciphertexts and messages fully remain unforgeable. To instantiate their encrypt-to-self primitive, Pijnenburg et al. propose a mode of operation of the compression function of a hash function, with a carefully designed encoding function playing the central role in the serialization of the processed message and associated data. In the present work we revisit the design of this encoding function. Without questioning its adequacy for securely accomplishing the encrypt-to-self job, we improve on it from a technical/implementational perspective by proposing modifications that alleviate certain conditions that would inevitably require implementations to disrespect memory alignment restrictions imposed by the word-wise operation of modern CPUs, ultimately leading to performance penalties. Our main contributions are thus to propose an improved encoding function, to explain why it offers better performance, and to prove that it provides as much security as its predecessor. We finally report on our open-source implementation of the encrypt-to-self primitive based on the new encoding function. For the full version of this article, see arXiv:2009.02667. CCS CONCEPTS • Security and privacy → Symmetric cryptography and hash functions.

show abstract

Section: Introductionmentioning

confidence: 86%

Section: Introductionmentioning

confidence: 86%

Section: Security Gamesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Efficiency Improvements for Encrypt-to-Self

Pijnenburg

Poettering

2020

Proceedings of the 2nd Workshop on Cyber-Security Arms Race

Self Cite

View full text Add to dashboard Cite

show abstract

Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks

Bellare

Shea

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We introduce flexible password-based encryption (FPBE), an extension of traditional password-based encryption designed to meet the operational and security needs of contemporary applications like end-to-end secure cloud storage. Operationally, FPBE supports nonces, associated data and salt reuse. Security-wise, it strengthens the usual privacy requirement, and, most importantly, adds an authenticity requirement, crucial because end-to-end security must protect against a malicious server. We give an FPBE scheme called DtE that is not only proven secure, but with good bounds. The challenge, with regard to the latter, is in circumventing partitioning-oracle attacks, which is done by leveraging key-robust (also called key-committing) encryption and a notion of authenticity with corruptions. DtE can be instantiated to yield an efficient and practical FPBE scheme for the target applications.

show abstract

$$\textsf{PERKS}$$: Persistent and Distributed Key Acquisition for Secure Storage from Passwords

Davies,

Pijnenburg

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Encrypt-to-Self: Securely Outsourcing Storage

Cited by 3 publications

References 12 publications

Efficiency Improvements for Encrypt-to-Self

Efficiency Improvements for Encrypt-to-Self

Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks

$$\textsf{PERKS}$$: Persistent and Distributed Key Acquisition for Secure Storage from Passwords

Contact Info

Product

Resources

About