Paper 2023/1727
A Formal Treatment of Envelope Encryption
Abstract
Envelope encryption is a method to encrypt data with two distinct keys in its basic form. Data is first encrypted with a data-encryption key, and then the data-encryption key is encrypted with a key-encryption key. Despite its deployment in major cloud services, as far as we know, envelope encryption has not received any formal treatment. To address this issue, we first formalize the syntax and security requirements of envelope encryption in the symmetric-key setting. Then, we show that it can be constructed by combining encryptment and authenticated encryption with associated data (AEAD). Encryptment is one-time AEAD satisfying that a small part of a ciphertext works as a commitment to the corresponding secret key, message, and associated data. Finally, we show that the security of the generic construction is reduced to the security of the underlying encryptment and AEAD.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Minor revision. ICISC 2024
- Keywords
- Authenticated encryptionKey wrapKey-committingEncryptment
- Contact author(s)
-
hrs_shch @ u-fukui ac jp
k-minematsu @ nec com - History
- 2024-11-19: revised
- 2023-11-08: received
- See all versions
- Short URL
- https://ia.cr/2023/1727
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1727, author = {Shoichi Hirose and Kazuhiko Minematsu}, title = {A Formal Treatment of Envelope Encryption}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1727}, year = {2023}, url = {https://eprint.iacr.org/2023/1727} }