Message-locked encryption for lock-dependent messages

Martín Abadi, Dan Boneh, Ilya Mironov, Ananth Raghunathan, Gil Segev

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

99 Scopus citations

Abstract

Motivated by the problem of avoiding duplication in storage systems, Bellare, Keelveedhi, and Ristenpart have recently put forward the notion of Message-Locked Encryption (MLE) schemes which subsumes convergent encryption and its variants. Such schemes do not rely on permanent secret keys, but rather encrypt messages using keys derived from the messages themselves. We strengthen the notions of security proposed by Bellare et al. by considering plaintext distributions that may depend on the public parameters of the schemes. We refer to such inputs as lock-dependent messages. We construct two schemes that satisfy our new notions of security for message-locked encryption with lock-dependent messages. Our main construction deviates from the approach of Bellare et al. by avoiding the use of ciphertext components derived deterministically from the messages. We design a fully randomized scheme that supports an equality-testing algorithm defined on the ciphertexts. Our second construction has a deterministic ciphertext component that enables more efficient equality testing. Security for lock-dependent messages still holds under computational assumptions on the message distributions produced by the attacker. In both of our schemes the overhead in the length of the ciphertext is only additive and independent of the message length.

Original languageAmerican English
Title of host publicationAdvances in Cryptology, CRYPTO 2013 - 33rd Annual Cryptology Conference, Proceedings
Pages374-391
Number of pages18
EditionPART 1
DOIs
StatePublished - 2013
Externally publishedYes
Event33rd Annual International Cryptology Conference, CRYPTO 2013 - Santa Barbara, CA, United States
Duration: 18 Aug 201322 Aug 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 1
Volume8042 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference33rd Annual International Cryptology Conference, CRYPTO 2013
Country/TerritoryUnited States
CitySanta Barbara, CA
Period18/08/1322/08/13

Keywords

  • Deduplication
  • convergent encryption
  • message-locked encryption

Fingerprint

Dive into the research topics of 'Message-locked encryption for lock-dependent messages'. Together they form a unique fingerprint.

Cite this