Message-Locked Encryption for Lock-Dependent Messages

  • Martín Abadi
  • Dan Boneh
  • Ilya Mironov
  • Ananth Raghunathan
  • Gil Segev
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8042)


Motivated by the problem of avoiding duplication in storage systems, Bellare, Keelveedhi, and Ristenpart have recently put forward the notion of Message-Locked Encryption (MLE) schemes which subsumes convergent encryption and its variants. Such schemes do not rely on permanent secret keys, but rather encrypt messages using keys derived from the messages themselves.

We strengthen the notions of security proposed by Bellare et al. by considering plaintext distributions that may depend on the public parameters of the schemes. We refer to such inputs as lock-dependent messages. We construct two schemes that satisfy our new notions of security for message-locked encryption with lock-dependent messages.

Our main construction deviates from the approach of Bellare et al. by avoiding the use of ciphertext components derived deterministically from the messages. We design a fully randomized scheme that supports an equality-testing algorithm defined on the ciphertexts.

Our second construction has a deterministic ciphertext component that enables more efficient equality testing. Security for lock-dependent messages still holds under computational assumptions on the message distributions produced by the attacker.

In both of our schemes the overhead in the length of the ciphertext is only additive and independent of the message length.
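The baseline idea from the first paragraph (a key derived from the message itself, plus a deterministic component that lets a storage server test equality) can be sketched as follows. This is an added illustration of plain convergent encryption, not either construction from the paper; the SHAKE-256 keystream is a stand-in cipher and all function names and sample inputs are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def setup() -> bytes:
    """Public parameters P: a public random salt. There is no secret key."""
    return secrets.token_bytes(32)


def derive_key(params: bytes, message: bytes) -> bytes:
    """Message-derived key K = H(P || m)."""
    return hashlib.sha256(b"key" + params + message).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream as a stand-in cipher (assumption, for illustration only).
    stream = hashlib.shake_256(b"stream" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(params: bytes, message: bytes):
    """Return (key, ciphertext, tag); all three are deterministic in (P, m)."""
    key = derive_key(params, message)
    ciphertext = _xor_stream(key, message)
    tag = hashlib.sha256(b"tag" + params + ciphertext).digest()
    return key, ciphertext, tag


def decrypt(params: bytes, key: bytes, ciphertext: bytes) -> bytes:
    message = _xor_stream(key, ciphertext)
    # Reject a key that was not derived from the recovered plaintext.
    if not hmac.compare_digest(derive_key(params, message), key):
        raise ValueError("key does not match ciphertext")
    return message


def same_plaintext(tag_a: bytes, tag_b: bytes) -> bool:
    """Server-side equality test: compares tags only, never plaintext."""
    return hmac.compare_digest(tag_a, tag_b)


if __name__ == "__main__":
    P = setup()
    doc = b"constructed sample file contents"
    k_alice, c_alice, t_alice = encrypt(P, doc)
    k_bob, c_bob, t_bob = encrypt(P, doc)          # independent uploader
    _, _, t_other = encrypt(P, b"a different constructed file")
    print(same_plaintext(t_alice, t_bob), same_plaintext(t_alice, t_other))
    print(decrypt(P, k_bob, c_alice) == doc)       # Bob's key opens Alice's copy
```

The tag here is a ciphertext component derived deterministically from the message, which is what the paper's main construction avoids and its second construction retains for faster equality testing.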


Keywords: Deduplication, convergent encryption, message-locked encryption



Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Martín Abadi (1, 3)
  • Dan Boneh (2)
  • Ilya Mironov (1)
  • Ananth Raghunathan (2)
  • Gil Segev (2)

  1. Microsoft Research Silicon Valley, USA
  2. Stanford University, USA
  3. University of California, Santa Cruz, USA
