Cryptology ePrint Archive: Report 2019/1457

Fast and Secure Updatable Encryption

Colin Boyd and Gareth T. Davies and Kristian Gjøsteen and Yao Jiang

Abstract: Updatable encryption allows a client to outsource ciphertexts to some untrusted server and periodically rotate the encryption key. The server can update ciphertexts from an old key to a new key with the help of an update token, received from the client, which should not reveal anything about keys or plaintexts to an adversary. We provide a new and highly efficient suite of updatable encryption schemes that we collectively call SHINE. In the variant designed for short messages, ciphertext generation consists of applying one permutation and one exponentiation (per message block), while updating ciphertexts requires just one exponentiation. Variants for longer messages provide much stronger security guarantees than prior work that has comparable efficiency. We present a new confidentiality notion for updatable encryption schemes that implies prior notions. We prove that SHINE is secure under our new confidentiality definition while also providing ciphertext integrity.

Category / Keywords: cryptographic protocols / updatable encryption, cloud storage, key rotation

Date: received 17 Dec 2019, last revised 21 Feb 2020

Contact author: davies at uni-wuppertal de

Available format(s): PDF | BibTeX Citation

Note: New results including proof of CCA security for SHINE suite and CCA composition theorem. Changes described in Section 1.4.

Version: 20200221:133540 (All versions of this report)

Short URL: ia.cr/2019/1457


[ Cryptology ePrint archive ]