• shareshare
  • link
  • cite
  • add
auto_awesome_motion View all 5 versions
Publication . Preprint . Conference object . Article . 2020

Efficiency Improvements for Encrypt-to-Self

Jeroen Pijnenburg; Bertram Poettering;
Open Access

Recent work by Pijnenburg and Poettering (ESORICS'20) explores the novel cryptographic Encrypt-to-Self primitive that is dedicated to use cases of symmetric encryption where encryptor and decryptor coincide. The primitive is envisioned to be useful whenever a memory-bounded computing device is required to encrypt some data with the aim of temporarily depositing it on an untrusted storage device. While the new primitive protects the confidentiality of payloads as much as classic authenticated encryption primitives would do, it provides considerably better authenticity guarantees: Specifically, while classic solutions would completely fail in a context involving user corruptions, if an encrypt-to-self scheme is used to protect the data, all ciphertexts and messages fully remain unforgeable. To instantiate their encrypt-to-self primitive, Pijnenburg et al propose a mode of operation of the compression function of a hash function, with a carefully designed encoding function playing the central role in the serialization of the processed message and associated data. In the present work we revisit the design of this encoding function. Without questioning its adequacy for securely accomplishing the encrypt-to-self job, we improve on it from a technical/implementational perspective by proposing modifications that alleviate certain conditions that would inevitably require implementations to disrespect memory alignment restrictions imposed by the word-wise operation of modern CPUs, ultimately leading to performance penalties. Our main contributions are thus to propose an improved encoding function, to explain why it offers better performance, and to prove that it provides as much security as its predecessor. We finally report on our open-source implementation of the encrypt-to-self primitive based on the new encoding function.

this is the full version of content that appears at CYSARM'20

Subjects by Vocabulary

Microsoft Academic Graph classification: Hash function Serialization Computer security computer.software_genre computer Encryption business.industry business Authenticated encryption Symmetric-key algorithm Computer science Data structure alignment Cryptographic protocol Cryptography


Computer Science - Cryptography and Security, Cryptography and Security (cs.CR), FOS: Computer and information sciences

14 references, page 1 of 2

[1] Alpern, B., and Schneider, F. B. Recognizing safety and liveness. Distributed Computing 2, 3 (1987), 117-126. [OpenAIRE]

[2] Aviram, N., Gellert, K., and Jager, T. Session resumption protocols and eficient forward security for TLS 1.3 0-RTT. In Advances in Cryptology - EUROCRYPT 2019, Part II (Darmstadt, Germany, May 19-23, 2019), Y. Ishai and V. Rijmen, Eds., vol. 11477 of Lecture Notes in Computer Science, Springer, Heidelberg, Germany, pp. 117-150.

[3] Biham, E., and Chen, R. Near-collisions of SHA-0. In Advances in Cryptology - CRYPTO 2004 (Santa Barbara, CA, USA, Aug. 15-19, 2004), M. Franklin, Ed., vol. 3152 of Lecture Notes in Computer Science, Springer, Heidelberg, Germany, pp. 290-305.

[4] Dodis, Y., Grubbs, P., Ristenpart, T., and Woodage, J. Fast message franking: From invisible salamanders to encryptment. In Advances in Cryptology - CRYPTO 2018, Part I (Santa Barbara, CA, USA, Aug. 19-23, 2018), H. Shacham and A. Boldyreva, Eds., vol. 10991 of Lecture Notes in Computer Science, Springer, Heidelberg, Germany, pp. 155-186.

[5] Dworkin, M. J. SP 800-38D: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. Tech. rep., National Institute of Standards & Technology, Gaithersburg, MD, United States, 2007. http: //

[6] Krovetz, T., and Rogaway, P. The OCB Authenticated-Encryption Algorithm. RFC 7253, May 2014.

[7] Liskov, M., Rivest, R. L., and Wagner, D. Tweakable block ciphers. Journal of Cryptology 24, 3 (July 2011), 588-613.

[8] Nir, Y., and Langley, A. ChaCha20 and Poly1305 for IETF Protocols. RFC 8439, June 2018.

[9] NIST. FIPS 180-4: Secure Hash Standard (SHS). Tech. rep., NIST, 2015.

[10] Pijnenburg, J., and Poettering, B. Encrypt-to-self: Securely outsourcing storage. In ESORICS (2020), vol. 12308 of Lecture Notes in Computer Science, Springer, pp. ?- ? [OpenAIRE]

Funded by
EC| FutureTPM
Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module
  • Funder: European Commission (EC)
  • Project Code: 779391
  • Funding stream: H2020 | RIA
Validated by funder