Paper 2023/197
Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks
Abstract
We introduce flexible password-based encryption (FPBE), an extension of traditional password-based encryption designed to meet the operational and security needs of contemporary applications like end-to-end secure cloud storage. Operationally, FPBE supports nonces, associated data and salt reuse. Security-wise, it strengthens the usual privacy requirement, and, most importantly, adds an authenticity requirement, crucial because end-to-end security must protect against a malicious server. We give an FPBE scheme called DtE that is not only proven secure, but with good bounds. The challenge, with regard to the latter, is in circumventing partitioning-oracle attacks, which is done by leveraging key-robust (also called key-committing) encryption and a notion of authenticity with corruptions. DtE can be instantiated to yield an efficient and practical FPBE scheme for the target applications.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. CT-RSA 2023
- Keywords
- symmetric encryptionauthenticated encryptionpasswordspartitioning-oracle attackscommitment
- Contact author(s)
-
mihir @ eng ucsd edu
lmshea @ ucsd edu - History
- 2023-02-15: approved
- 2023-02-15: received
- See all versions
- Short URL
- https://ia.cr/2023/197
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/197, author = {Mihir Bellare and Laura Shea}, title = {Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/197}, year = {2023}, url = {https://eprint.iacr.org/2023/197} }