Reducing Metadata Leakage from Encrypted Files and Communication with PURBs

  title={Reducing Metadata Leakage from Encrypted Files and Communication with PURBs},
  author={Kirill Nikitin and Ludovic Barman and Matthew Underwood and Bryan Ford},
  journal={Proceedings on Privacy Enhancing Technologies},
  pages={33 - 6}
Abstract: Most encrypted data formats leak metadata via their plaintext headers, such as format version, encryption schemes used, number of recipients who can decrypt the data, and even the recipients’ identities. This leakage can pose security and privacy risks to users, e.g., by revealing the full membership of a group of collaborators from a single encrypted e-mail, or by enabling an eavesdropper to fingerprint the precise encryption software version and configuration the sender used. We… 

2FE: Two-Factor Encryption for Cloud Storage

Two-Factor Encryption (2FE) is designed; it draws inspiration from two-factor authentication and turns file encryption and decryption into an interactive process in which two user devices, such as a laptop and a smartphone, must interact, and it provides strong confidentiality and availability guarantees.

Federated Learning Framework with Straggling Mitigation and Privacy-Awareness for AI-based Mobile Application Services

In this work, we propose a novel framework to address straggling and privacy issues for federated learning (FL)-based mobile application services, taking into account limited computing/communications

Optimally Hiding Object Sizes with Constrained Padding

This paper gives algorithms to compute privacy-optimal padding schemes—specifically that minimize the network observer's information gain from a downloaded object’s padded size—in several scenarios of interest, comparing them to recent contenders in the research literature, and evaluating their performance on practical datasets.

Deniable Upload and Download via Passive Participation

CoverUp is a system that enables users to asynchronously upload and download data and introduces a trusted party to involve visitors from a collaborating website, to enable plausible deniability while providing or accessing controversial information.

F3B: A Low-Latency Commit-and-Reveal Architecture to Mitigate Blockchain Front-Running

Flash Freezing Flash Boys (F3B) is a blockchain architecture that addresses front-running attacks by relying on a commit-and-reveal scheme in which the contents of transactions are encrypted and later revealed by a decentralized secret-management committee once the underlying consensus layer has committed the transaction.

Flash Freezing Flash Boys: Countering Blockchain Front-Running

Flash Freezing Flash Boys (F3B) is an architecture that addresses front-running attacks by relying on a commit-and-reveal scheme in which the contents of a transaction are encrypted and later revealed by a decentralized secret-management committee (SMC) once the transaction has been committed by the underlying consensus layer.

The Computer for the 21st Century – Second Edition for Europe: Open-source Projects, Consumer Activism, and Collaboration Will Make Privacy the Central Pillar of Innovation and Cause a Technology Industry Where Creative Ideas From Small Market Players Can Flourish

The privacy of personal data is a human right that is systematically violated in the computing industry, according to human rights organisations. The vision that technology would help society


SoK: why Johnny can't fix PGP standardization

  • Harry Halpin
  • Proceedings of the 15th International Conference on Availability, Reliability and Security
  • Computer Science, Mathematics
  • 2020
The core reason for the inability to "fix" PGP is the lack of a simple AEAD interface, which in turn requires a decentralized public key infrastructure to work with email; yet even if standards like MLS replace PGP, the deployment of a decentralized PKI remains an open issue.


Key-Privacy in Public-Key Encryption

It is proved that the El Gamal scheme provides anonymity under chosen-plaintext attack assuming the Decision Diffie-Hellman problem is hard, and that the Cramer-Shoup scheme provides anonymity under chosen-ciphertext attack under the same assumption.

Privacy in Encrypted Content Distribution Using Private Broadcast Encryption

A private broadcast scheme is constructed, with a strong privacy guarantee against an active attacker, that achieves ciphertext length, encryption time, and decryption time comparable with the non-private schemes currently used in encrypted file systems.

Nonce-Based Symmetric Encryption

This work investigates an alternative syntax for an encryption scheme, where the encryption process e is a deterministic function that surfaces an initialization vector (IV) that is guaranteed to be a nonce, i.e., something that takes on a new value with every message one encrypts.

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

This work considers two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relates them to the standard notions of privacy IND-CCA and NM-CPA by presenting implications and separations between all notions considered.

Outsider-Anonymous Broadcast Encryption with Sublinear Ciphertexts

This paper proposes the first broadcast encryption scheme with sublinear ciphertexts to attain meaningful guarantees of receiver anonymity, formalizes the notion of outsider-anonymous broadcast encryption (oABE), and describes generic constructions in the standard model that achieve outsider-anonymity under adaptive corruption in the chosen-plaintext and chosen-ciphertext settings.

Compression and Information Leakage of Plaintext

  • J. Kelsey
  • Computer Science, Mathematics
  • 2002
This paper describes a somewhat different kind of side-channel provided by data compression algorithms, yielding information about their inputs by the size of their outputs, and discusses ways to use this apparently very small leak of information in surprisingly powerful ways.

Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML

  • Donald T. Davis
  • Computer Science, Mathematics
  • USENIX Annual Technical Conference, General Track
  • 2001
This paper analyzes the Sign & Encrypt protocol, reviews the defective sign/encrypt standards, and describes a comprehensive set of simple repairs, which all have a common feature: when signing and encryption are combined, the inner crypto layer must somehow depend on the outer layer, so as to reveal any tampering with the inner layer.

Multi-Recipient Encryption Schemes: Efficient Constructions and their Security

A way to avoid ad-hoc analyses is shown by providing a general test that can be applied to a standard encryption scheme to determine whether the associated randomness re-using MRES is secure.

Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier

A novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes and outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values.

Multirecipient Encryption Schemes: How to Save on Bandwidth and Computation Without Sacrificing Security

A way to avoid ad hoc analyses is shown by providing a general test that can be applied to a standard encryption scheme to determine whether the associated randomness reusing MRES is secure.