DOI: 10.1145/3411505.3418438
Research article, ACM CCS conference proceedings

Efficiency Improvements for Encrypt-to-Self

Published: 09 November 2020

Abstract

Recent work by Pijnenburg and Poettering (ESORICS'20) explores the novel cryptographic Encrypt-to-Self primitive, which is dedicated to use cases of symmetric encryption where encryptor and decryptor coincide. The primitive is envisioned to be useful whenever a memory-bounded computing device is required to encrypt some data with the aim of temporarily depositing it on an untrusted storage device. While the new primitive protects the confidentiality of payloads as much as classic authenticated encryption primitives would, it provides considerably better authenticity guarantees: specifically, while classic solutions fail completely in a setting that involves user corruptions, if an encrypt-to-self scheme is used to protect the data, all ciphertexts and messages remain fully unforgeable.
To instantiate their encrypt-to-self primitive, Pijnenburg et al. propose a mode of operation of the compression function of a hash function, with a carefully designed encoding function playing the central role in the serialization of the processed message and associated data. In the present work we revisit the design of this encoding function. Without questioning its adequacy for securely accomplishing the encrypt-to-self job, we improve on it from a technical/implementational perspective by proposing modifications that alleviate certain conditions that would inevitably require implementations to disrespect the memory alignment restrictions imposed by the word-wise operation of modern CPUs, ultimately leading to performance penalties. Our main contributions are thus to propose an improved encoding function, to explain why it offers better performance, and to prove that it provides as much security as its predecessor. We finally report on our open-source implementation of the encrypt-to-self primitive based on the new encoding function. For the full version of this article, see https://arxiv.org/abs/2009.02667 (arXiv:2009.02667).



Published In

CYSARM'20: Proceedings of the 2nd Workshop on Cyber-Security Arms Race
November 2020, 38 pages
ISBN: 9781450380911
DOI: 10.1145/3411505

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. confidentiality
2. corruption
3. cryptographic protocols
4. forward security
5. integrity
6. storage encryption
7. symmetric encryption


Conference

CCS '20
