Reducing Metadata Leakage from Encrypted Files and Communication with PURBs
Most encrypted data formats, such as PGP, leak substantial metadata in their plaintext headers, such as format version, encryption schemes used, the number of recipients who can decrypt the data, and even the identities of those recipients. This leakage can pose security and privacy risks, e.g., by revealing the full membership of a group of collaborators from a single encrypted E-mail between two of them, or enabling an eavesdropper to fingerprint the precise encryption software version and configuration the sender used and to facilitate targeted attacks against specific endpoint software weaknesses. We propose to improve security and privacy hygiene by designing future encrypted data formats such that no one without a relevant decryption key learns anything at all from a ciphertext apart from its length - and learns as little as possible even from that. To achieve this goal we present Padded Uniform Random Blobs or PURBs, an encrypted format functionally similar to PGP but strongly minimizing a ciphertext's leakage via metadata or length. A PURB is indistinguishable from a uniform random bit-string to an observer without a decryption key. Legitimate recipients can efficiently decrypt the PURB even when it is encrypted for any number of recipients' public keys and/or passwords, and when those public keys are of different cryptographic schemes. PURBs use a novel padding scheme to reduce potential information leakage via the ciphertext's length L to the asymptotic minimum of O(log_2(log_2(L))) bits, comparable to padding to a power of two, but with much lower padding overhead of at most 12% which decreases further with large payloads.
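The length-leakage trade-off described above, as an added example that is not part of the abstract or the authors' code: it compares padding to the next power of two with the padding rule the full paper publishes under the name Padmé (the name and formula come from the paper, not from this page). The function names and the 64 KiB test range are assumptions chosen for illustration.

```python
"""Added example: how much a padded ciphertext length still reveals."""


def pad_pow2(length: int) -> int:
    """Baseline: round the length up to the next power of two."""
    if length < 1:
        raise ValueError("length must be positive")
    return 1 << (length - 1).bit_length()


def padme(length: int) -> int:
    """Padme-style padding: keep only the top bits of the length.

    The number of low bits forced to zero grows with the size of the
    payload, so the padded length takes few distinct values while the
    relative overhead stays small.
    """
    if length < 1:
        raise ValueError("length must be positive")
    e = length.bit_length() - 1   # floor(log2(length))
    s = e.bit_length()            # bits needed to represent e
    low_bits = e - s              # low-order bits to clear
    mask = (1 << low_bits) - 1
    return (length + mask) & ~mask


def summarize(pad, max_len: int):
    """Return (distinct padded lengths, worst relative overhead) for 1..max_len."""
    padded = [(n, pad(n)) for n in range(1, max_len + 1)]
    distinct = len({p for _, p in padded})
    worst = max((p - n) / n for n, p in padded)
    return distinct, worst


if __name__ == "__main__":
    MAX_LEN = 1 << 16  # constructed test range: payloads of 1..65536 bytes
    for name, fn in (("power of two", pad_pow2), ("padme", padme)):
        distinct, worst = summarize(fn, MAX_LEN)
        print(f"{name:>12}: {distinct:4d} distinct lengths, "
              f"worst overhead {worst:.2%}")
```

An observer learns at most log2 of the number of distinct padded lengths, so the first figure is the leakage and the second is the price paid for it.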