Permanent Reencryption: How to Survive Generations of Cryptanalysts to Come

Protecting long-lived sensitive information puts enormous stress on traditional ciphers, which must survive generations of cryptanalysts. In addition, there is a continued risk of adversaries penetrating and attacking the systems in which these ciphers are implemented. In this paper, we present our work in progress on an approach to surviving both cryptanalysis and intrusion attacks for extended periods of time. A prime objective of any such work is to prevent the leakage of plaintexts. However, given the long lifespan of sensitive information, during which cryptanalysts can focus on breaking the cipher, it is equally important to prevent the leakage of unduly large amounts of ciphertext. Our approach consists of an enclave-based architectural set-up that provides primary resilience against attacks, seconded by permanently reencrypting portions of the confidential or privacy-sensitive data with fresh keys and combining ciphers in a threshold-based encryption scheme.
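The abstract names two ingredients, threshold-based protection and periodic refresh with fresh key material, without giving the construction. The following added example (not code from the paper, and not its scheme) illustrates the generic building block these ingredients rest on: Shamir secret sharing of a data-encryption key over a prime field, plus a proactive refresh that re-randomises the shares while leaving the key unchanged, so that shares leaked in an earlier epoch cannot be combined with shares from a later one. The field prime, the 3-of-5 parameters, and the function names (`split_secret`, `reconstruct`, `refresh`, `epoch_demo`) are assumptions made for this illustration.

```python
"""Threshold sharing with proactive refresh (added illustration, not the paper's scheme)."""
import secrets

# Constructed parameters (not from the paper): a 127-bit prime field and 3-of-5 sharing.
PRIME = (1 << 127) - 1
THRESHOLD = 3
SHARES = 5


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (constant term first) at x, mod PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, k=THRESHOLD, n=SHARES):
    """Shamir split: n points on a random degree k-1 polynomial whose constant term is the secret."""
    if not (0 <= secret < PRIME and 1 <= k <= n < PRIME):
        raise ValueError("bad sharing parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 from a dict {x: y}. Correct only when the
    shares lie on the same polynomial and at least k of them are supplied."""
    xs = list(shares)
    secret = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if i != j:
                num = num * (-j) % PRIME
                den = den * (i - j) % PRIME
        secret = (secret + shares[i] * num * pow(den, -1, PRIME)) % PRIME
    return secret


def refresh(shares, k=THRESHOLD):
    """Proactive refresh: add to every share the value of a fresh random polynomial
    with zero constant term. The secret is unchanged, but pre-refresh shares no longer
    interpolate with post-refresh ones, so shares leaked in an earlier epoch expire."""
    zero_poly = [0] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return {x: (y + _eval_poly(zero_poly, x)) % PRIME for x, y in shares.items()}


def epoch_demo(secret):
    """Returns (old-epoch quorum recovers key, new-epoch quorum recovers key,
    mixed-epoch quorum recovers key). The third is False except with probability 1/PRIME."""
    old = split_secret(secret)
    new = refresh(old)
    old_quorum = {x: old[x] for x in (1, 2, 3)}
    new_quorum = {x: new[x] for x in (2, 4, 5)}
    mixed = {1: old[1], 2: old[2], 3: new[3]}  # two shares leaked before refresh + one fresh share
    return (reconstruct(old_quorum) == secret,
            reconstruct(new_quorum) == secret,
            reconstruct(mixed) == secret)


if __name__ == "__main__":
    # The shared secret stands in for a data-encryption key (constructed at random here).
    data_key = int.from_bytes(secrets.token_bytes(16), "big")
    print(epoch_demo(data_key))  # expected: (True, True, False)
```

The refresh step is what gives the "fresh keys" property its teeth: an attacker who has exfiltrated fewer than the threshold of shares in one epoch must start over after each refresh, because the leaked values lie on a polynomial that no longer exists anywhere in the system. In a deployment the refresh would run inside the enclave and be coupled with reencrypting the data under a rotated key, which this illustration does not show.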
