Honey Encryption: Security Beyond the Brute-Force Bound
Authors: Ari Juels, Thomas Ristenpart
Abstract:
We introduce honey encryption (HE), a simple, general approach to encrypting messages using low min-entropy keys such as passwords. HE is designed to produce a ciphertext which, when decrypted with any of a number of incorrect keys, yields plausible-looking but bogus plaintexts called honey messages. A key benefit of HE is that it provides security in cases where too little entropy is available to withstand brute-force attacks that try every key; in this sense, HE provides security beyond conventional brute-force bounds. HE can also provide a hedge against partial disclosure of high min-entropy keys.

HE significantly improves security in a number of practical settings. To showcase this improvement, we build concrete HE schemes for password-based encryption of RSA secret keys and credit card numbers. The key challenges are development of appropriate instances of a new type of randomized message encoding scheme called a distribution-transforming encoder (DTE), and analyses of the expected maximum loading of bins in various kinds of balls-and-bins games.
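The following toy sketch is an added illustration, not code from the paper or its authors. It pairs a DTE built by inverse sampling with a hash-derived pad, so that every wrong password decrypts to a message drawn from the target distribution. The four-PIN distribution, the 16-bit seed space, the use of SHA-256 in place of a slow password hash, and all function names are assumptions made for the example.

```python
import hashlib
import secrets
from bisect import bisect_right
from itertools import accumulate

SEED_BITS = 16
# Constructed distribution over PINs: (message, weight). Weights sum to 2**16,
# so each message owns a slice of the seed space proportional to its probability.
DIST = [("1234", 32768), ("0000", 16384), ("1111", 8192), ("2580", 8192)]
MSGS = [m for m, _ in DIST]
CUM = list(accumulate(w for _, w in DIST))  # exclusive upper bound of each slice
assert CUM[-1] == 1 << SEED_BITS

def dte_encode(msg):
    """Randomized encoding: a uniform seed from the slice owned by msg."""
    i = MSGS.index(msg)
    return CUM[i] - DIST[i][1] + secrets.randbelow(DIST[i][1])

def dte_decode(seed):
    """Every seed decodes to some message; uniform seeds follow DIST."""
    return MSGS[bisect_right(CUM, seed)]

def pad(key, salt):
    # SHA-256 stands in for a deliberately slow password hash (assumption).
    digest = hashlib.sha256(salt + key.encode()).digest()
    return int.from_bytes(digest[: SEED_BITS // 8], "big")

def he_encrypt(key, msg):
    salt = secrets.token_bytes(16)
    return salt, dte_encode(msg) ^ pad(key, salt)

def he_decrypt(key, ct):
    salt, body = ct
    return dte_decode(body ^ pad(key, salt))

def trial_decryptions(ct, candidate_keys):
    """What a brute-force search sees: one plausible message per guess."""
    return {k: he_decrypt(k, ct) for k in candidate_keys}

if __name__ == "__main__":
    ct = he_encrypt("hunter2", "2580")
    guesses = ["123456", "password", "hunter2", "letmein", "qwerty"]
    for key, msg in trial_decryptions(ct, guesses).items():
        print(f"{key:>10} -> {msg}")
```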
References:
Proceedings of Advances in Cryptology -- Eurocrypt '14
Versions:
A version of the paper is available as a pdf.