DOI: 10.1145/2046660.2046681
Research article

Privacy-preserving outsourcing of brute-force key searches

Published: 21 October 2011 Publication History

Abstract

In this work, we investigate the privacy-preserving properties of encryption algorithms in the special case where encrypted data might be brute-force decrypted in a distributed setting. For that purpose, we consider a problem where a supervisor holds a ciphertext and wants to search for the corresponding key assisted by a set of helper nodes, without the nodes learning any information about the plaintext or the decryption key. We call this a privacy-preserving cryptographic key search. We provide a model for privacy-preserving cryptographic searches and we introduce two types of privacy-preserving key search problems: plaintext-hiding and key-hiding cryptographic search. We show that a number of private-key and public-key encryption schemes enable the construction of efficient privacy-preserving solvers for plaintext-hiding searches. We also discuss possible constructions of privacy-preserving solvers for key-hiding cryptographic searches.
Our results highlight the need to consider the property of enabling efficient privacy-preserving solvers as an additional criterion for choosing which cryptographic algorithm to use.



Published In

CCSW '11: Proceedings of the 3rd ACM workshop on Cloud computing security workshop
October 2011
138 pages
ISBN:9781450310048
DOI:10.1145/2046660
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States



Author Tags

  1. brute-force key search
  2. distributed computing
  3. privacy-preserving solvers

Qualifiers

  • Research-article

Conference

CCS'11

Acceptance Rates

Overall Acceptance Rate 37 of 108 submissions, 34%


Article Metrics

  • Downloads (last 12 months): 2
  • Downloads (last 6 weeks): 0
Reflects downloads up to 16 Feb 2025

Cited By

  • A Distributed Cryptanalysis Framework Based on Mobile Phones. Artificial Intelligence and Security (2019), pp. 318-331. DOI: 10.1007/978-3-030-24268-8_30. Online publication date: 11 Jul 2019.
  • A Mobile Terminal Security Strategy Based On the Cloud Storage. International Journal of Advanced Network, Monitoring and Controls 2(2) (2018), pp. 46-59. DOI: 10.21307/ijanmc-2017-009. Online publication date: 8 Apr 2018.
  • Microcomputations as Micropayments in Web-based Services. ACM Transactions on Internet Technology 13(3) (2014), pp. 1-23. DOI: 10.1145/2611526. Online publication date: 1 May 2014.
  • A Scheme for the Generation of Strong ICMetrics Based Session Key Pairs for Secure Embedded System Applications. Proceedings of the 2013 27th International Conference on Advanced Information Networking and Applications Workshops (2013), pp. 689-696. DOI: 10.1109/WAINA.2013.143. Online publication date: 25 Mar 2013.
  • Resilience against brute force and rainbow table attacks using strong ICMetrics session key pairs. 2013 1st International Conference on Communications, Signal Processing, and their Applications (ICCSPA) (2013), pp. 1-6. DOI: 10.1109/ICCSPA.2013.6487307. Online publication date: Feb 2013.
