Paper 2013/429

DupLESS: Server-Aided Encryption for Deduplicated Storage

Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart


Cloud storage service providers such as Dropbox, Mozy, and others perform deduplication to save space by only storing one copy of each file uploaded. Should clients conventionally encrypt their files, however, savings are lost. Message-locked encryption (the most prominent manifestation of which is convergent encryption) resolves this tension. However it is inherently subject to brute-force attacks that can recover files falling into a known set. We propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS. In DupLESS, clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol. It enables clients to store encrypted data with an existing service, have the service perform deduplication on their behalf, and yet achieves strong confidentiality guarantees. We show that encryption for deduplicated storage can achieve performance and space savings close to that of using the storage service with plaintext data.

Available format(s)
Publication info
Published elsewhere. Usenix Security Symposium 2013
storagededuplicationmessage-locked encryptionconvergent encryption
Contact author(s)
sriramkr @ cs ucsd edu
2013-07-03: received
Short URL
Creative Commons Attribution


      author = {Mihir Bellare and Sriram Keelveedhi and Thomas Ristenpart},
      title = {DupLESS: Server-Aided Encryption for Deduplicated Storage},
      howpublished = {Cryptology ePrint Archive, Paper 2013/429},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.