## Cryptology ePrint Archive: Report 2022/553

Secure Storage with Deduplication

John Best and Wayne Hineman and Steven Hetzler and Guerney Hunt and Charanjit S. Jutla

Abstract: We describe a new secure storage scheme that facilitates deduplication. The scheme is also proved secure in the universal-composability model. It is a single server scheme, and the basic scheme does not prevent against off-line dictionary attacks if the server is compromised. However, if a global secret key is shared amongst users of the organization, and this key is never stored at the server, we also get protection against off-line dictionary attacks even if the server is compromised. The UC security model for deduplication is based on an earlier work of Liu, Asokan and Pinkas, Proc. CCS 2015. The scheme obtains additional optimization by employing the XTS-AES mode of encryption in the public random permutation model.

Another upshot of the analysis is that one can first MAC and then encrypt using XTS mode and attain authenticated encryption, avoiding the pitfalls cautioned against by Hugo Krawczyk, in the work How Secure is SSL?'', CRYPTO 2001.

Category / Keywords: secret-key cryptography / IAPM, XTS, authenticated encryption, UC security, deduplication

Date: received 5 May 2022, last revised 5 May 2022

Contact author: csjutla at us ibm com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2022/553

[ Cryptology ePrint archive ]