Paper 2023/197

Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks

Mihir Bellare, University of California San Diego
Laura Shea, University of California San Diego

We introduce flexible password-based encryption (FPBE), an extension of traditional password-based encryption designed to meet the operational and security needs of contemporary applications like end-to-end secure cloud storage. Operationally, FPBE supports nonces, associated data and salt reuse. Security-wise, it strengthens the usual privacy requirement, and, most importantly, adds an authenticity requirement, crucial because end-to-end security must protect against a malicious server. We give an FPBE scheme called DtE that is not only proven secure, but with good bounds. The challenge, with regard to the latter, is in circumventing partitioning-oracle attacks, which is done by leveraging key-robust (also called key-committing) encryption and a notion of authenticity with corruptions. DtE can be instantiated to yield an efficient and practical FPBE scheme for the target applications.

Category
Secret-key cryptography
Publication info
Published elsewhere. CT-RSA 2023
Keywords
symmetric encryption, authenticated encryption, passwords, partitioning-oracle attacks, commitment
Contact author(s)
mihir @ eng ucsd edu
lmshea @ ucsd edu
2023-02-15: approved
2023-02-15: received
Creative Commons Attribution


      author = {Mihir Bellare and Laura Shea},
      title = {Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2023/197},
      year = {2023},
      note = {\url{}},
      url = {}