Convergent encryption
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |
Convergent encryption, also known as content hash keying, is a cryptosystem that produces identical ciphertext from identical plaintext files. This has applications in cloud computing to remove duplicate files from storage without the provider having access to the encryption keys [1]. The system was first mentioned by John Pettitt on the cypherpunks list in 1996 [2] and has been used by Freenet, MojoNation, GNUnet, flud, and the Tahoe Least-Authority Filesystem [3].
The system gained additional visibility in 2011 when cloud storage provider Bitcasa announced they were using convergent encryption [4].
Overview
- The plaintext is hashed using a cryptographic hash
- The hash is then used the encrypt the plaintext
- The ciphertext is then uploaded to the cloud provider
Known Attacks
Convergent encryption is open to a "confirmation of a file attack" since if the attacker knows the plaintext of the file, they can then check if a user has this file. This attack may only be a problem for a user storing information that is also publicly available - e.g. banned books or files that cause copyright infringement.
There is also a "learn the remaining information attack" described by Drew Perttula in 2008 [5].
References
- ^ Secure Data Deduplication, Mark W. Storer Kevin Greenan Darrell D. E. Long Ethan L. Miller http://www.ssrc.ucsc.edu/Papers/storer-storagess08.pdf
- ^ "Re: Hash of plaintext as key?", Cypherpunks Mailing List, http://web.archive.org/web/20061103171849/http://cypherpunks.venona.com/date/1996/02/msg02013.html
- ^ Drew Perttula and Attacks on Convergent Encryption https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html
- ^ Finally! Bitcasa CEO Explains How The Encryption Works, September 18th, 2011, http://techcrunch.com/2011/09/18/bitcasa-explains-encryption/
- ^ https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html