Oblivious PRF on Committed Vector Inputs and Application to Deduplication of Encrypted Data

Secure deduplication of encrypted data is an active area of research because deduplication is very effective at reducing storage costs. Schemes that support deduplication of encrypted data while resisting content-guessing attacks, such as message-locked encryption (MLE) and its server-aided variants, have been proposed recently [Bellare et al. 2013, Li et al. 2015]. However, in all of these schemes the key derivation phase depends solely on a short hash of the data rather than on the data itself, so the file-specific key can be obtained by anyone who holds the hash. Since hash values are usually not treated as secrets, the desired solution is a more robust oblivious key generation protocol in which file hashes need not be kept private. Motivated by this use case, we propose a new primitive, an oblivious pseudorandom function (OPRF) on committed vector inputs, in the universally composable (UC) framework. We formalize this functionality as \(\mathcal {F}_\mathsf {OOPRF}\), where \(\mathsf {OOPRF}\) stands for Ownership-based Oblivious PRF. On input a digest of a vector, \(\mathcal {F}_\mathsf {OOPRF}\) produces a unique random key, provided the client proves knowledge of the vector at a (parametrisable) number of randomly chosen positions.
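The following added example (not code from the paper; the paper's construction uses vector commitments and zero-knowledge proofs in the UC model, which are not reproduced here) illustrates the two points the abstract makes. First, with a convergent/MLE-style key derivation the key is the hash, so a hash holder gets the key for free. Second, a server-aided key generation service that challenges the client on randomly chosen positions of a committed vector denies the key to a party who knows only the digest. The simplifications are assumptions of this example: the vector commitment is a Merkle tree over fixed-size blocks, "proving knowledge" of a position means revealing the block and its authentication path rather than giving a zero-knowledge proof, and the server derives the key with an HMAC under its own secret, so the server learns the digest (the example is not oblivious). `KeyServer`, `client_get_key`, `hash_only_attacker` and the block size are hypothetical names and parameters chosen for the demo.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # bytes per vector position (small constructed value for the demo)


def convergent_key(data: bytes) -> bytes:
    """MLE-style key derivation: the key *is* a hash of the data, so anyone
    holding the hash holds the key."""
    return hashlib.sha256(data).digest()


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def split_blocks(data: bytes) -> list:
    """The input vector: fixed-size blocks, zero-padded to a power-of-two count."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    n = 1
    while n < len(blocks):
        n *= 2
    return blocks + [b""] * (n - len(blocks))


def merkle_tree(blocks: list) -> list:
    """All tree levels, leaves first; leaves and inner nodes are domain-separated."""
    level = [h(b"\x00", b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def digest(blocks: list) -> bytes:
    """The vector digest (Merkle root) the client sends to the key server."""
    return merkle_tree(blocks)[-1][0]


def open_position(blocks: list, idx: int):
    """Client side: block at idx plus its sibling path (knowledge of that position)."""
    levels = merkle_tree(blocks)
    path, i = [], idx
    for level in levels[:-1]:
        path.append(level[i ^ 1])
        i //= 2
    return blocks[idx], path


def verify_opening(root: bytes, idx: int, block: bytes, path: list) -> bool:
    """Server side: recompute the root from the opened block and its path."""
    node, i = h(b"\x00", block), idx
    for sib in path:
        node = h(b"\x01", node, sib) if i % 2 == 0 else h(b"\x01", sib, node)
        i //= 2
    return hmac.compare_digest(node, root)


class KeyServer:
    """Hypothetical key generation service: hands out a per-file key only to a
    client that answers a random-position challenge against the digest."""

    def __init__(self, challenge_size: int = 3):
        self.sk = secrets.token_bytes(32)      # server PRF key, never leaves the server
        self.t = challenge_size                # the parametrisable number of positions
        self._pending = {}                     # single-use challenges

    def challenge(self, root: bytes, n_leaves: int) -> list:
        idxs = sorted(secrets.SystemRandom().sample(range(n_leaves), min(self.t, n_leaves)))
        self._pending[(root, n_leaves)] = idxs
        return idxs

    def derive_key(self, root: bytes, n_leaves: int, openings: list):
        idxs = self._pending.pop((root, n_leaves), None)   # a challenge cannot be replayed
        if idxs is None or [i for i, _, _ in openings] != idxs:
            return None
        depth = n_leaves.bit_length() - 1
        for i, block, path in openings:
            if len(path) != depth or not verify_opening(root, i, block, path):
                return None
        # Same digest under the same server key -> same key, so duplicates still dedupe.
        return hmac.new(self.sk, root + n_leaves.to_bytes(8, "big"), hashlib.sha256).digest()


def client_get_key(server: KeyServer, data: bytes):
    """Honest client: holds the whole file, so it can open any challenged position."""
    blocks = split_blocks(data)
    root = digest(blocks)
    idxs = server.challenge(root, len(blocks))
    openings = [(i, *open_position(blocks, i)) for i in idxs]
    return server.derive_key(root, len(blocks), openings)


def hash_only_attacker(server: KeyServer, root: bytes, n_leaves: int):
    """Knows only the digest (as a hash leaker would): cannot open the positions."""
    idxs = server.challenge(root, n_leaves)
    depth = n_leaves.bit_length() - 1
    fake = [(i, b"\x00" * BLOCK, [b"\x00" * 32] * depth) for i in idxs]
    return server.derive_key(root, n_leaves, fake)


if __name__ == "__main__":
    srv = KeyServer(challenge_size=4)
    data = b"constructed sample file contents " * 20   # constructed input
    print("MLE key == hash:", convergent_key(data) == hashlib.sha256(data).digest())
    print("owner gets key:", client_get_key(srv, data) is not None)
    blocks = split_blocks(data)
    print("hash-only party gets key:", hash_only_attacker(srv, digest(blocks), len(blocks)))
```

The challenge size `t` is the knob the abstract calls parametrisable: each challenged position costs one block plus a logarithmic path, and a party holding only a fraction of the file fails with probability that grows with `t`. In a real deployment the proof of knowledge would be zero-knowledge and the PRF evaluated obliviously, as in the paper's \(\mathcal {F}_\mathsf {OOPRF}\); this example only shows why gating the key on ownership of the vector, rather than on its hash, closes the gap the abstract describes.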

[1] Yevgeniy Dodis and Aleksandr Yampolskiy. A Verifiable Random Function with Short Proofs and Keys. Public Key Cryptography, 2005.

[2] Hovav Shacham and Brent Waters. Compact Proofs of Retrievability. Journal of Cryptology, 2008.

[3] Jian Liu, N. Asokan and Benny Pinkas. Secure Deduplication of Encrypted Data without Additional Independent Servers. CCS, 2015.

[4] Melissa Chase and Sarah Meiklejohn. Deja Q: Using Dual Systems to Revisit q-Type Assumptions. IACR Cryptology ePrint Archive, 2014.

[5] Ralph C. Merkle. A Certified Digital Signature. CRYPTO, 1989.

[6] Jan Camenisch and Markus Stadler. Efficient Group Signature Schemes for Large Groups (Extended Abstract). CRYPTO, 1997.

[7] Jan Camenisch, Aggelos Kiayias and Moti Yung. On the Portability of Generalized Schnorr Proofs. EUROCRYPT, 2009.

[8] Dan Boneh and Xavier Boyen. Short Signatures Without Random Oracles. EUROCRYPT, 2004.

[9] Stanisław Jarecki, Aggelos Kiayias, Hugo Krawczyk and Jiayu Xu. Highly-Efficient and Composable Password-Protected Secret Sharing (Or: How to Protect Your Bitcoin Wallet Online). IEEE European Symposium on Security and Privacy (EuroS&P), 2016.

[10] Mihir Bellare, Sriram Keelveedhi and Thomas Ristenpart. DupLESS: Server-Aided Encryption for Deduplicated Storage. USENIX Security Symposium, 2013.

[11] Michael J. Freedman, Yuval Ishai, Benny Pinkas and Omer Reingold. Keyword Search and Oblivious Pseudorandom Functions. TCC, 2005.

[12] Torben P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. CRYPTO, 1991.

[13] Giovanni Di Crescenzo and Ivan Visconti. Efficient Zero Knowledge on the Internet. ICALP, 2006.

[14] Dan Boneh, Benedikt Bünz and Ben Fisch. Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains. IACR Cryptology ePrint Archive, 2019.

[15] Yevgeniy Dodis, Victor Shoup and Shabsi Walfish. Efficient Constructions of Composable Commitments and Zero-Knowledge Proofs. CRYPTO, 2008.

[16] Ran Canetti. Universally Composable Signature, Certification, and Authentication. 17th IEEE Computer Security Foundations Workshop (CSFW), 2004.

[17] Shai Halevi, Danny Harnik, Benny Pinkas and Alexandra Shulman-Peleg. Proofs of Ownership in Remote Storage Systems. CCS, 2011.

[18] Jan Camenisch and Markus Stadler. Efficient Group Signature Schemes for Large Groups. 1997.

[19] Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos and Jens Groth. Efficient Zero-Knowledge Proof Systems. FOSAD, 2016.

[20] Dario Catalano and Dario Fiore. Vector Commitments and Their Applications. Public Key Cryptography, 2013.

[21] Ran Canetti. Universally Composable Security: A New Paradigm for Cryptographic Protocols. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), 2001.

[22] Ivan Damgård. Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. EUROCRYPT, 2000.

[23] Jan Camenisch and Victor Shoup. Practical Verifiable Encryption and Decryption of Discrete Logarithms. CRYPTO, 2003.

[24] Stanisław Jarecki and Xiaomin Liu. Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection. TCC, 2009.

[25] Jan Camenisch, Maria Dubovitskaya and Alfredo Rial. UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens. CRYPTO, 2016.

[26] Dutch T. Meyer and William J. Bolosky. A Study of Practical Deduplication. ACM Transactions on Storage (TOS), 2011.

[27] Joy Algesheimer, Jan Camenisch and Victor Shoup. Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products. CRYPTO, 2002.

[28] Dan Boneh and Henry Corrigan-Gibbs. Bivariate Polynomials Modulo Composites and their Applications. IACR Cryptology ePrint Archive, 2014.