67
0

Conditional Encryption with Applications to Secure Personalized Password Typo Correction

Abstract

We introduce the notion of a conditional encryption scheme as an extension of public key encryption. In addition to the standard public key algorithms (KG\mathsf{KG}, Enc\mathsf{Enc}, Dec\mathsf{Dec}) for key generation, encryption and decryption, a conditional encryption scheme for a binary predicate PP adds a new conditional encryption algorithm CEnc\mathsf{CEnc}. The conditional encryption algorithm c=CEncpk(c1,m2,m3)c=\mathsf{CEnc}_{pk}(c_1,m_2,m_3) takes as input the public encryption key pkpk, a ciphertext c1=Encpk(m1)c_1 = \mathsf{Enc}_{pk}(m_1) for an unknown message m1m_1, a control message m2m_2 and a payload message m3m_3 and outputs a conditional ciphertext cc. Intuitively, if P(m1,m2)=1P(m_1,m_2)=1 then the conditional ciphertext cc should decrypt to the payload message m3m_3. On the other hand if P(m1,m2)=0P(m_1,m_2) = 0 then the ciphertext should not leak any information about the control message m2m_2 or the payload message m3m_3 even if the attacker already has the secret decryption key sksk. We formalize the notion of conditional encryption secrecy and provide concretely efficient constructions for a set of predicates relevant to password typo correction. Our practical constructions utilize the Paillier partially homomorphic encryption scheme as well as Shamir Secret Sharing. We prove that our constructions are secure and demonstrate how to use conditional encryption to improve the security of personalized password typo correction systems such as TypTop. We implement a C++ library for our practically efficient conditional encryption schemes and evaluate the performance empirically. We also update the implementation of TypTop to utilize conditional encryption for enhanced security guarantees and evaluate the performance of the updated implementation.

View on arXiv
Comments on this paper