Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users’ privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation. Categories and Subject Descriptors E.3 [Data Encryption] Keywords Cloud Storage; Deduplication; Semantically Secure Encryption; PAKE
Jian Liu, N. Asokan, Benny Pinkas