Paper 2023/1727

A Formal Treatment of Envelope Encryption

Shoichi Hirose, University of Fukui
Kazuhiko Minematsu, NEC (Japan), Yokohama National University
Abstract

Envelope encryption is a method to encrypt data with two distinct keys in its basic form. Data is first encrypted with a data-encryption key, and then the data-encryption key is encrypted with a key-encryption key. Despite its deployment in major cloud services, as far as we know, envelope encryption has not received any formal treatment. To address this issue, we first formalize the syntax and security requirements of envelope encryption in the symmetric-key setting. Then, we show that it can be constructed by combining encryptment and authenticated encryption with associated data (AEAD). Encryptment is one-time AEAD satisfying that a small part of a ciphertext works as a commitment to the corresponding secret key, message, and associated data. Finally, we show that the security of the generic construction is reduced to the security of the underlying encryptment and AEAD.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Authenticated encryptionKey wrapKey-committingEncryptment
Contact author(s)
hrs_shch @ u-fukui ac jp
k-minematsu @ nec com
History
2023-11-13: approved
2023-11-08: received
See all versions
Short URL
https://ia.cr/2023/1727
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/1727,
      author = {Shoichi Hirose and Kazuhiko Minematsu},
      title = {A Formal Treatment of Envelope Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1727},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1727}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.