Information-theoretically secure key generation and management

Abstract

In this paper, we address the problems of key generation and management for enabling one-key-for-one-file secure encryption, where every file is encrypted by using an independent random key, which is highly desired in long-term protection of data stored on public clouds and other applications. A new concept dubbed information-theoretical ϵ-security is introduced to measure the security of a keystore (i.e., a set of random keys, ki, 1 ≤ i ≤ Λ, each consisting of l bits) which are generated from a random string of L bits, called the keystore seed. An efficient keystore generation scheme is presented, and the resulting keystore Ψ = {ki :1 ≤ i ≤ Λ} is shown to be information-theoretically e-secure with small e. Specifically, they satisfy the following properties: (1) Λ ≫ L is sufficiently large to realize one-key-for-one-file encryption for applications with a large number of files; (2) for any key index i, the key ki is uniformly distributed over the key space {0,1}1 and hence statistically independent of i if i is chosen randomly; (3) for any two independent i, j, 1 ≤ i, j ≤ Λ, the probability that ki = kj is less than (1 - ϵ) × 2-l + ϵ and (4) for any two independent key indices i and j, knowing i, j, and ki does not reduce the amount of uncertainty about kj significantly, i.e., the conditional Shannon entropy H (kj |i, j, ki)is at least as large as (1 - ϵ)H(kj | j). These security properties along with easy generation of each key ki from the keystore seed and the key index i remove most challenges in distributing and managing a large number of random keys.