International Association for Cryptologic Research

International Association
for Cryptologic Research


A Formal Treatment of End-to-End Encrypted Cloud Storage

Matilda Backendal , ETH Zurich, Switzerland
Hannah Davis , Seagate Technology, USA
Felix Günther , IBM Research Europe - Zurich, Switzerland
Miro Haller , UC San Diego, USA
Kenneth G. Paterson , ETH Zurich, Switzerland
Search ePrint
Search Google
Conference: CRYPTO 2024
Abstract: Users increasingly store their data in the cloud, thereby benefiting from easy access, sharing, and redundancy. To additionally guarantee security of the outsourced data even against a server compromise, some service providers have started to offer end-to-end encrypted (E2EE) cloud storage. With this cryptographic protection, only legitimate owners can read or modify the data. However, recent attacks on the largest E2EE providers have highlighted the lack of solid foundations for this emerging type of service. In this paper, we address this shortcoming by initiating the formal study of E2EE cloud storage. We give a formal syntax to capture the core functionality of a cloud storage system, capturing the real-world complexity of such a system’s constituent interactive protocols. We then define game-based security notions for confidentiality and integrity of a cloud storage system against a fully malicious server. We treat both selective and fully adaptive client compromises. Our notions are informed by recent attacks on E2EE cloud storage providers. In particular we show that our syntax is rich enough to capture the core functionality of MEGA and that recent attacks on it arise as violations of our security notions. Finally, we present an E2EE cloud storage system that provides all core functionalities and that is both efficient and provably secure with respect to our selective security notions. Along the way, we discuss challenges on the path towards bringing the security of cloud storage up to par with other end-to-end primitives, such as secure messaging and TLS.
  title={A Formal Treatment of End-to-End Encrypted Cloud Storage},
  author={Matilda Backendal and Hannah Davis and Felix Günther and Miro Haller and Kenneth G. Paterson},