Honey Encryption for Language

Robbing Shannon to Pay Turing?
  • Marc Beunardeau
  • Houda Ferradi
  • Rémi Géraud
  • David Naccache
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10311)


Honey Encryption (HE), introduced by Juels and Ristenpart (Eurocrypt 2014, [12]), is an encryption paradigm designed to produce ciphertexts yielding plausible-looking but bogus plaintexts upon decryption with wrong keys. Thus brute-force attackers need to use additional information to determine whether they indeed found the correct key.

At the end of their paper, Juels and Ristenpart leave as an open question the adaptation of honey encryption to natural language messages. A recent paper by Chatterjee et al. [5] makes a mild attempt at the challenge and constructs a natural language honey encryption scheme relying on simple models for passwords.

In this position paper we explain why this approach cannot be extended to reasonable-size human-written documents, e.g. e-mails. We propose an alternative solution and evaluate its security.


References

  1. Bojinov, H., Bursztein, E., Boyen, X., Boneh, D.: Kamouflage: Loss-Resistant Password Management. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 286–302. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-15497-3_18
  2. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords, pp. 538–552 (2012)
  3. Borges, J.L.: El Jardín de senderos que se bifurcan. Editorial Sur (1941)
  4. Borges, J.L.: Ficciones. Editorial Sur (1944)
  5. Chatterjee, R., Bonneau, J., Juels, A., Ristenpart, T.: Cracking-resistant password vaults using natural language encoders, pp. 481–498 (2015)
  6. Chomsky, N.: Three models for the description of language. IRE Trans. Inf. Theory 2(3), 113–124 (1956)
  7. Chomsky, N.: On certain formal properties of grammars. Inf. Control 2(2), 137–167 (1959)
  8. Chomsky, N.: Syntactic structures. Walter de Gruyter, Berlin (2002)
  9. Cocke, J.: Programming languages and their compilers: preliminary notes (1969)
  10. Eco, U.: Il pendolo di Foucault. Bompiani (2011)
  11. Jakobsson, M., Dhiman, M.: The benefits of understanding passwords. In: Traynor, P. (ed.) 7th USENIX Workshop on Hot Topics in Security, HotSec 2012, Bellevue, WA, USA, 7 August 2012. USENIX Association (2012)
  12. Juels, A., Ristenpart, T.: Honey encryption: security beyond the brute-force bound, pp. 293–310 (2014)
  13. Kasami, T.: An efficient recognition and syntax analysis algorithm for context-free languages. Technical report, DTIC Document (1965)
  14. Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms, pp. 523–537
  15. Klein, D., Manning, C.D.: Accurate unlexicalized parsing. In: Proceedings of the 41st Annual Meeting on Association for Computational Linguistics, vol. 1, pp. 423–430. Association for Computational Linguistics (2003)
  16. Li, Z., He, W., Akhawe, D., Song, D.: The emperor’s new password manager: security analysis of web-based password managers. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, 20–22 August, pp. 465–479. USENIX Association (2014)
  17. Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, 18–21 May, pp. 689–704. IEEE Computer Society (2014)
  18. Manning, C.D., Schütze, H.: Foundations of statistical natural language processing. MIT Press, Cambridge (2001)
  19. Michel, J.B., Shen, Y.K., Aiden, A.P., Veres, A., Gray, M.K., Pickett, J.P., Hoiberg, D., Clancy, D., Norvig, P., Orwant, J.: Quantitative analysis of culture using millions of digitized books. Science 331(6014), 176–182 (2011)
  20. Rayner, K., White, S.J., Johnson, R.L., Liversedge, S.P.: Reading wrods with jubmled lettres there is a cost. Psychol. Sci. 17(3), 192–193 (2006)
  21. Veras, R., Collins, C., Thorpe, J.: On semantic patterns of passwords and their security impact. In: The 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23–26 February 2014 (2014)
  22. Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars, pp. 391–405 (2009)
  23. Younger, D.H.: Recognition and parsing of context-free languages in time \(n^3\). Inf. Control 10(2), 189–208 (1967)
  24. Kaliski, B.: PKCS #5: Password-based cryptography specification version 2.0. RFC 2898 (Informational). Internet Engineering Task Force, September 2000.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Marc Beunardeau (1)
  • Houda Ferradi (1)
  • Rémi Géraud (1)
  • David Naccache (1)

  1. École Normale Supérieure, Information Security Group, Paris, France
