2021 ITC Conference: Post-Compromise Security in Self-Encryption
Explore post-compromise security in self-encryption at ITC 2021, highlighting key research by Gwangbae Choi, Betül Durak, and Serge Vaudenay 🔐.
Paul G. Allen School
599 views • Jul 21, 2021
About this video
ITC Conference, July 24 - 26, 2021
Post-Compromise Security in Self-Encryption
(Gwangbae Choi, F. Betül Durak, and Serge Vaudenay)
In self-encryption, a device encrypts some piece of information for itself to decrypt in the future. We are interested in security of self-encryption when the state occasionally leaks. Applications that use self-encryption include cloud storage, when a client encrypts files to be stored, and in 0-RTT session resumptions, when a server encrypts a resumption key to be kept by the client.
Previous works focused on forward security and resistance to replay attacks. In our work, we study post-compromise security (PCS). PCS was achieved in ratcheted instant messaging schemes, at the price of having an inflating state size. An open question was whether state inflation was necessary. In our results, we prove that post-compromise security implies a super-linear state size in terms of the number of active ciphertexts which can still be decrypted. We apply our result to self-encryption for cloud storage, 0-RTT session resumption, and secure messaging. We further show how to construct a secure scheme matching our bound on the state size up to a constant factor.
Post-Compromise Security in Self-Encryption
(Gwangbae Choi, F. Betül Durak, and Serge Vaudenay)
In self-encryption, a device encrypts some piece of information for itself to decrypt in the future. We are interested in security of self-encryption when the state occasionally leaks. Applications that use self-encryption include cloud storage, when a client encrypts files to be stored, and in 0-RTT session resumptions, when a server encrypts a resumption key to be kept by the client.
Previous works focused on forward security and resistance to replay attacks. In our work, we study post-compromise security (PCS). PCS was achieved in ratcheted instant messaging schemes, at the price of having an inflating state size. An open question was whether state inflation was necessary. In our results, we prove that post-compromise security implies a super-linear state size in terms of the number of active ciphertexts which can still be decrypted. We apply our result to self-encryption for cloud storage, 0-RTT session resumption, and secure messaging. We further show how to construct a secure scheme matching our bound on the state size up to a constant factor.
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
599
Likes
2
Duration
20:48
Published
Jul 21, 2021
Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.