www.arijuels.com/wp-content/uploads/2013/09/HoneyEncryptionpre.pdf

Source: www.arijuels.com/wp-content/uploads/2013/09/HoneyEncryptionpre.pdf





Honey Encryption: Security Beyond the Brute-Force Bound

Ari Juels

ajuels@gmail.com

Thomas Ristenpart

University of Wisconsin

rist@cs.wisc.edu

January 29, 2014

Version 1.1



Abstract



We introduce honey encryption (HE), a simple, general approach to encryptingmessages using low min-entropy keys such as passwords. HE is designed to produce a ciphertext which, when decrypted with any of a number of incorrect keys, yields plausible-looking but bogus plaintexts called honey messages. A key benefit of HE is that it provides security in cases where too little entropy is available to withstand brute-force attacks that try every key; in this sense, HE provides security beyond conventional brute-force bounds. HE can also provide a hedge against partial disclosure of high min-entropy keys. HE significantly improves security in a number of practical settings. To showcase this improvement, we build concrete HE schemes for password-based encryption of RSA secret keys and credit card numbers. The key challenges are development of appropriate instances of a new type of randomized message encoding scheme called a distribution-transforming encoder (DTE), and analyses of the expected maximum loading of bins in various kinds of balls-and-bins games.