Venue | Category |
---|---|
CCSW'14 | Encrypted Deduplication |
Distributed Key Generation for Encrypted Deduplication: Achieving the Strongest Privacy1. SummaryMotivation of this paperDistributed Key GenerationImplementation and Evaluation2. Strength (Contributions of the paper)3. Weakness (Limitations of the paper)4. Some Insights (Future work)
show it is strictly stronger than all relevant notions. Lacking in original paper
allows less managed system such as P2P systems to enjoy the high security level.
difficult to deploy in a less managed setting such as P2P systems impairs its security, as compromising a single key server reduces its protection to that of CE.
Security notion
A new security notion of the encrypted deduplication: D-IND$CPA
MLE or D-PKE cannot be semantically secure, as they leak message equality.
Eliminating the key server
for P2P paradigm, it attains the same security as DupLESS
variant of RSA threshold signature scheme
Distributed oblivious key generation (DOPG)
signature shares proof of correctness combining shares blinding: blind signature shares
Implementation
Evaluation
Microbenchmarks
Computation time
the client latency for the entire key generation process, including both computation
Impact on upload throughput
DupLESS lacks a rigorous security notion to verify its security
Server-aided MLE provides the best possible security for encrypted deduplication.
without a storage service provider.
CPA: chosen plaintext attacks CCA1: chosen ciphertext attack CCA2: adaptive chosen ciphertext attack