Verifiable Message-Locked Encryption

  • Sébastien Canard
  • Fabien Laguillaumie
  • Marie Paindavoine
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10052)


One of today’s main challenges related to cloud storage is to maintain the functionalities and the efficiency of customers’ and service providers’ usual environments, while protecting the confidentiality of sensitive data. Deduplication is one of those functionalities: it enables cloud storage providers to save a lot of memory by storing only once a file that is uploaded several times. But classical encryption blocks deduplication. One needs to use a “message-locked encryption” (MLE) scheme, which allows the detection of duplicates and the storage of only one encrypted file on the server, which can be decrypted by any owner of the file. However, in most existing schemes, a user can bypass this deduplication protocol. In this article, we provide server verifiability for MLE schemes: the servers can verify that the ciphertexts are well-formed. This property, which we formally define, forces a customer to prove that she complied with the deduplication protocol, thus preventing her from deviating from the prescribed functionality of MLE. We call it deduplication consistency. To achieve this deduplication consistency, we provide (i) a generic transformation that applies to any MLE scheme and (ii) an ElGamal-based deduplication-consistent MLE, which is secure in the random oracle model.
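
The deduplication behaviour and the gap that motivates server verifiability, illustrated with convergent encryption, a classic MLE instance. This is an added example, not the paper's construction: the SHA-256 keystream stands in for a real deterministic cipher, and `ce_encrypt`, `DedupServer` and `demo` are hypothetical names. The deviating client is assumed to encrypt under a key not derived from the message; the server's only available check (tag matches ciphertext) still passes, so a second copy is stored.

```python
import hashlib
import hmac
import os

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # SHA-256 in counter mode: a stand-in for a real deterministic cipher.
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def ce_encrypt(message: bytes, key=None):
    # Convergent encryption: K = H(M), C = E_K(M), tag = H(C).
    # Passing `key` models a client that does not derive K from M.
    if key is None:
        key = hashlib.sha256(b"key|" + message).digest()
    c = _xor_stream(key, message)
    return key, c, hashlib.sha256(b"tag|" + c).hexdigest()

def ce_decrypt(key: bytes, c: bytes) -> bytes:
    return _xor_stream(key, c)

class DedupServer:
    def __init__(self):
        self.store = {}  # tag -> ciphertext

    def upload(self, c: bytes, tag: str) -> bool:
        # The only check possible without the key: the tag matches the ciphertext.
        expected = hashlib.sha256(b"tag|" + c).hexdigest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("tag does not match ciphertext")
        duplicate = tag in self.store
        self.store.setdefault(tag, c)
        return duplicate  # True means the upload was deduplicated

def demo():
    server = DedupServer()
    doc = b"quarterly-report-v3 (constructed sample file)"
    k1, c1, t1 = ce_encrypt(doc)                     # honest user A
    _, c2, t2 = ce_encrypt(doc)                      # honest user B, same file
    _, c3, t3 = ce_encrypt(doc, key=os.urandom(32))  # client ignoring K = H(M)
    results = [server.upload(c, t) for c, t in ((c1, t1), (c2, t2), (c3, t3))]
    return results, len(server.store), ce_decrypt(k1, c1) == doc

if __name__ == "__main__":
    print(demo())
```

The third upload is accepted as a new file even though the plaintext is identical, which is the ill-formed ciphertext a deduplication-consistent scheme lets the server reject.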



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Sébastien Canard (1)
  • Fabien Laguillaumie (2)
  • Marie Paindavoine (1, 2)

  1. Orange Labs, Applied Crypto Group, Caen, France
  2. LIP (U.Lyon, CNRS, ENS Lyon, INRIA, UCBL), Université Claude Bernard Lyon 1, Villeurbanne, France
