Cryptology ePrint Archive: Report 2017/1052

Early Detection and Analysis of Leakage Abuse Vulnerabilities

Charles V. Wright and David Pouliot

Abstract: In order to be useful in the real world, efficient cryptographic constructions often reveal, or ``leak,'' more information about their plaintext than one might desire. Up until now, the approach for addressing leakage when proposing a new cryptographic construction has focused entirely on qualifying exactly what information is leaked. Unfortunately there has been no way to predict what the real-world impact of that leakage will be.

In this paper, we argue in favor of an analytical approach for quantifying the vulnerability of leaky cryptographic constructions against attacks that use leakage to recover the plaintext or other sensitive information. In contrast to the previous empirical and ad-hoc approach for identifying and assessing such vulnerabilities, analytical techniques can be integrated much earlier in the design lifecycle of a new construction, and the results of the analysis apply much more broadly across many different kinds of data.

We applied the proposed framework to evaluate the leakage profiles of five recent constructions for deterministic and order-revealing encryption. Our analysis discovered powerful attacks against every construction that we analyzed, and with only one possible exception, the attack allows the adversary to recover virtually any plaintext with only an exponentially small probability of error. We hope that these results, together with the proposed analytical framework, will help spur the development of new efficient constructions with improved leakage profiles that meaningfully limit the power of leakage abuse attacks in the real world.

Category / Keywords: applications / cryptanalysis, efficiently searchable encryption, encrypted databases

Date: received 27 Oct 2017

Contact author: cvwright at cs pdx edu

Available format(s): PDF | BibTeX Citation

Version: 20171031:151822 (All versions of this report)

Short URL: ia.cr/2017/1052

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]