Paper 2023/197

Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks

Mihir Bellare, University of California San Diego
Laura Shea, University of California San Diego
Abstract

We introduce flexible password-based encryption (FPBE), an extension of traditional password-based encryption designed to meet the operational and security needs of contemporary applications like end-to-end secure cloud storage. Operationally, FPBE supports nonces, associated data and salt reuse. Security-wise, it strengthens the usual privacy requirement, and, most importantly, adds an authenticity requirement, crucial because end-to-end security must protect against a malicious server. We give an FPBE scheme called DtE that is not only proven secure, but with good bounds. The challenge, with regard to the latter, is in circumventing partitioning-oracle attacks, which is done by leveraging key-robust (also called key-committing) encryption and a notion of authenticity with corruptions. DtE can be instantiated to yield an efficient and practical FPBE scheme for the target applications.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. CT-RSA 2023
Keywords
symmetric encryptionauthenticated encryptionpasswordspartitioning-oracle attackscommitment
Contact author(s)
mihir @ eng ucsd edu
lmshea @ ucsd edu
History
2023-02-15: approved
2023-02-15: received
See all versions
Short URL
https://ia.cr/2023/197
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/197,
      author = {Mihir Bellare and Laura Shea},
      title = {Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/197},
      year = {2023},
      url = {https://eprint.iacr.org/2023/197}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.