Honey Encryption for Language

Robbing Shannon to Pay Turing?

  • Conference paper
Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology (Mycrypt 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10311)

Abstract

Honey Encryption (HE), introduced by Juels and Ristenpart (Eurocrypt 2014, [12]), is an encryption paradigm designed to produce ciphertexts yielding plausible-looking but bogus plaintexts upon decryption with wrong keys. Thus brute-force attackers need to use additional information to determine whether they indeed found the correct key.

At the end of their paper, Juels and Ristenpart leave as an open question the adaptation of honey encryption to natural language messages. A recent paper by Chatterjee et al. [5] takes a mild attempt at the challenge and constructs a natural language honey encryption scheme relying on simple models for passwords.

In this position paper we explain why this approach cannot be extended to reasonable-size human-written documents, e.g. e-mails. We propose an alternative solution and evaluate its security.

Notes

  1. Such passwords may be learnt from password leaks [11, 21, 22].

  2. We stress that unlike e.g. Kamouflage [1], which deals with passwords, syntactic honey encryption applies to natural language.

  3. Note that such a skeleton might be ambiguous in certain constructions, for instance in sentences such as “Time flies like an arrow; fruit flies like a banana”.

  4. This is conceptually similar to Borges’ famous library [3, 4].

  5. See for instance http://www.ngrams.info/.

  6. An extreme example is William Shakespeare’s use of inversion as a poetic device: “If’t be so, For Banquo’s issue have I fil’d my mind,/ For them the gracious Duncan have I murther’d,/Put rancors in the vessel of my peace” (MacBeth, III.1.8).

  7. We may assume that communication with such services is secure, i.e. confidential and non-malleable, for the sake of argument.

  8. The Arabic equivalent is madrasa.

  9. The way some characters do in Umberto Eco’s novel, Il pendolo di Foucault [10].

  10. www.wolframalpha.com.

References

  1. Bojinov, H., Bursztein, E., Boyen, X., Boneh, D.: Kamouflage: Loss-Resistant Password Management. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 286–302. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15497-3_18

  2. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords, pp. 538–552 (2012)

  3. Borges, J.L.: El Jardín de senderos que se bifurcan. Editorial Sur (1941)

  4. Borges, J.L.: Ficciones. Editorial Sur (1944)

  5. Chatterjee, R., Bonneau, J., Juels, A., Ristenpart, T.: Cracking-resistant password vaults using natural language encoders, pp. 481–498 (2015)

  6. Chomsky, N.: Three models for the description of language. IRE Trans. Inf. Theory 2(3), 113–124 (1956)

  7. Chomsky, N.: On certain formal properties of grammars. Inf. Control 2(2), 137–167 (1959)

  8. Chomsky, N.: Syntactic structures. Walter de Gruyter, Berlin (2002)

  9. Cocke, J.: Programming languages and their compilers: preliminary notes (1969)

  10. Eco, U.: Il pendolo di Foucault. Bompiani (2011)

  11. Jakobsson, M., Dhiman, M.: The benefits of understanding passwords. In: Traynor, P. (ed.) 7th USENIX Workshop on Hot Topics in Security, HotSec 2012, Bellevue, WA, USA, 7 August 2012. USENIX Association (2012)

  12. Juels, A., Ristenpart, T.: Honey encryption: security beyond the brute-force bound, pp. 293–310 (2014)

  13. Kasami, T.: An efficient recognition and syntax analysis algorithm for context-free languages. Technical report, DTIC Document (1965)

  14. Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms, pp. 523–537

  15. Klein, D., Manning, C.D.: Accurate unlexicalized parsing. In: Proceedings of the 41st Annual Meeting on Association for Computational Linguistics, vol. 1, pp. 423–430. Association for Computational Linguistics (2003)

  16. Li, Z., He, W., Akhawe, D., Song, D.: The emperor’s new password manager: security analysis of web-based password managers. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, 20–22 August, pp. 465–479. USENIX Association (2014)

  17. Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, 18–21 May, pp. 689–704. IEEE Computer Society (2014)

  18. Manning, C.D., Schütze, H.: Foundations of statistical natural language processing. MIT Press, Cambridge (2001)

  19. Michel, J.B., Shen, Y.K., Aiden, A.P., Veres, A., Gray, M.K., Pickett, J.P., Hoiberg, D., Clancy, D., Norvig, P., Orwant, J.: Quantitative analysis of culture using millions of digitized books. Science 331(6014), 176–182 (2011)

  20. Rayner, K., White, S.J., Johnson, R.L., Liversedge, S.P.: Reading wrods with jubmled lettres there is a cost. Psychol. Sci. 17(3), 192–193 (2006)

  21. Veras, R., Collins, C., Thorpe, J.: On semantic patterns of passwords and their security impact. In: The 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23–26 February 2014 (2014)

  22. Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars, pp. 391–405 (2009)

  23. Younger, D.H.: Recognition and parsing of context-free languages in time \(n^3\). Inf. Control 10(2), 189–208 (1967)

  24. Kaliski, B.: PKCS #5: Password-based cryptography specification version 2.0. RFC 2898 (Informational). Internet Engineering Task Force, September 2000. http://www.ietf.org/rfc/rfc2898.txt

Author information

Corresponding author

Correspondence to Rémi Géraud.

A Grammatical tags for English

See Table 1.

Table 1. Partial list of grammatical roles.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Beunardeau, M., Ferradi, H., Géraud, R., Naccache, D. (2017). Honey Encryption for Language. In: Phan, RW., Yung, M. (eds) Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology. Mycrypt 2016. Lecture Notes in Computer Science, vol 10311. Springer, Cham. https://doi.org/10.1007/978-3-319-61273-7_7

  • DOI: https://doi.org/10.1007/978-3-319-61273-7_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61272-0

  • Online ISBN: 978-3-319-61273-7

  • eBook Packages: Computer Science, Computer Science (R0)
