[Resource Topic] 2023/1308: How to Recover a Cryptographic Secret From the Cloud

Welcome to the resource topic for 2023/1308

How to Recover a Cryptographic Secret From the Cloud

Authors: Chris Orsini, Alessandra Scafuro, Tanner Verber


Clouds have replaced local backup systems due to their stronger reliability and availability guarantees compared to local machines, which are prone to hardware/software failure or can be stolen or lost, especially in the case of portable devices

In recent years, some digital assets are managed solely through the knowledge of cryptographic secrets (e.g., cryptocurrency, encrypted datasets), whose loss results in the permanent loss of the digital asset. Since the security of such systems relies on the assumption that the cryptographic key remains secret, a secret owner Alice cannot simply store a backup copy of such secret on the cloud, since this corresponds to giving away her ownership over the digital assets. Thus Alice must rely on her personal machines to maintain these secrets.

Is it possible to obtain the best of the two worlds, where Alice benefits from the convenience of storing a backup copy of her cryptographic secrets on the cloud such that she can recover them even when she loses her devices and forgets all credentials, while at the same time retaining full ownership of her secrets?

In this paper, we show that this is indeed possible, by revisiting and expanding the concept of Break-glass Encryption pioneered by Scafuro [PKC19].

We provide a secret-recovery mechanism where confidentiality is always guaranteed when Alice has not lost her credentials, even in the presence of a malicious cloud and users ([PKC19] only guarantees that a violation of confidentiality will be {\em detected}, not prevented). Recoverability is achieved in most circumstances.

We design and prove security of a credential-less authentication mechanism, that enables Alice to access her secret, without remembering any credentials. This tool was assumed in [PKC19] but not implemented. We redesign the storage mechanism on the cloud side so that the cloud needs to perform no operations during the storage phase. This is in contrast with [PKC19] where the cloud must re-encrypt the stored file continuously with the help of a secure enclave (regardless of whether a recovery procedure will happen).

Our protocols are proved secure in the Universal Composition framework.

ePrint: https://eprint.iacr.org/2023/1308

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .