#SHAREIT OLD VERSION PC NON UPDATABLE UPDATE#
The trivial approach to update an existing ciphertext towards a new key is to decrypt the ciphertext and re-encrypt the underlying plaintext from scratch using the fresh key. Many cloud storage providers that implement data-at-rest encryption, such as Google and Amazon, employ a similar feature . For instance, the Payment Card Industry Data Security Standard (PCI DSS), which specifies how credit card data must be stored in encrypted form mandates key rotation, meaning that encrypted data must regularly be moved from an old to a fresh key. Key rotation is considered good practice as it hedges against the impact of cryptographic keys being compromised over time. In data storage, key rotation refers to the process of (periodically) exchanging the cryptographic key material that is used to protect the data. Finally, we propose a new updatable encryption scheme that achieves our strong notions while being (at least) as efficient as the existing solutions. We then analyze various existing schemes and show that none of them is secure in this strong model, but we formulate the additional constraints that suffice to prove their security in a relaxed version of our model. We propose strong security models that clearly capture post-compromise and forward security under adaptive attacks. Surprisingly, none of the models so far reflects the timely aspect of key rotation which makes it hard to grasp when an adversary is allowed to corrupt keys. allows to recover the current key upon corruption of a single old key. In fact, the simple scheme recently proposed by Everspaugh et al. We show that the existing ciphertext-independent schemes and models by Boneh et al. (CRYPTO’13) and Everspaugh et al. (CRYPTO’17) do not guarantee the post-compromise security one would intuitively expect from key rotation. We provide a comprehensive treatment of ciphertext-independent schemes, where a single token is used to update all ciphertexts. The data owner can produce an update token, and the cloud server can update the ciphertexts. Updatable encryption is particularly useful in settings where encrypted data is outsourced, e.g., stored on a cloud server. These ciphertext updates are done with the help of a so-called update token and can be performed by an untrusted party, as the update never decrypts the data.
#SHAREIT OLD VERSION PC NON UPDATABLE SERIES#
Book series (LNCS, volume 10822) AbstractĪn updatable encryption scheme allows to periodically rotate the encryption key and move already existing ciphertexts from the old to the new key.