Jump to content

Convergent encryption

Edit links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Widefox (talk | contribs) at 12:46, 4 April 2013 (see also, link data de dup). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Convergent encryption, also known as content hash keying, is a cryptosystem that produces identical ciphertext from identical plaintext files. This has applications in cloud computing to remove duplicate files from storage without the provider having access to the encryption keys.[1] The system was first mentioned by John Pettitt on the cypherpunk's mailing list in 1996 [2] and has been used by Farsite,[3] Freenet, MojoNation, GNUnet, flud, and the Tahoe Least-Authority Filesystem.[4]

The system gained additional visibility in 2011 when cloud storage provider Bitcasa announced they were using convergent encryption.[5]

Overview

  1. The plaintext is hashed using a cryptographic hash.
  2. The hash is then used to encrypt the plaintext.
  3. The ciphertext is then uploaded to the cloud provider.

Known Attacks

Convergent encryption is open to a "confirmation of a file attack" since if the attacker knows the plaintext of the file, they can then check if a user has this file. This attack may only be a problem for a user storing information that is also publicly available - e.g. banned books or files that cause copyright infringement.

There is also a "learn the remaining information attack" described by Drew Perttula in 2008.[6] This type of attack applies to the encryption of documents that are only a slight variation of a public document. These include marginal revisions of public document, filled public form... For example if defender encrypts a bank form including a ten digit bank account number, an attacker that is aware of generic bank form format may extract defender's bank account number by producing bank form for all possible bank account numbers, encrypt them and then by comparing those encryptions with defender's encrypted file deduce his bank account number.

See also

References

  1. ^ Secure Data Deduplication, Mark W. Storer Kevin Greenan Darrell D. E. Long Ethan L. Miller http://www.ssrc.ucsc.edu/Papers/storer-storagess08.pdf
  2. ^ "Re: Hash of plaintext as key?", Cypherpunks Mailing List, http://web.archive.org/web/20061103171849/http://cypherpunks.venona.com/date/1996/02/msg02013.html
  3. ^ Reclaiming Space from Duplicate Files in a Serverless Distributed File System, MSR-TR-2002-30, http://research.microsoft.com/apps/pubs/default.aspx?id=69954
  4. ^ Drew Perttula and Attacks on Convergent Encryption https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html
  5. ^ Finally! Bitcasa CEO Explains How The Encryption Works, September 18th, 2011, http://techcrunch.com/2011/09/18/bitcasa-explains-encryption/
  6. ^ https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html
Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Convergent_encryption&oldid=548654033"