{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,8]],"date-time":"2026-07-08T17:03:34Z","timestamp":1783530214868,"version":"3.55.0"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031683787","type":"print"},{"value":"9783031683794","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-68379-4_2","type":"book-chapter","created":{"date-parts":[[2024,8,15]],"date-time":"2024-08-15T20:17:23Z","timestamp":1723753043000},"page":"40-74","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["A Formal Treatment of\u00a0End-to-End Encrypted Cloud Storage"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8677-8301","authenticated-orcid":false,"given":"Matilda","family":"Backendal","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hannah","family":"Davis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8495-6610","authenticated-orcid":false,"given":"Felix","family":"G\u00fcnther","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8796-5064","authenticated-orcid":false,"given":"Miro","family":"Haller","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5145-4489","authenticated-orcid":false,"given":"Kenneth G.","family":"Paterson","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,8,16]]},"reference":[{"key":"2_CR1","unstructured":"AG, p.I.: pCloud \u2013 the most secure cloud storage. https:\/\/www.pcloud.com\/"},{"key":"2_CR2","unstructured":"Albrecht, M.R., Backendal, M., Coppola, D., Paterson, K.G.: Share with care: breaking E2EE in Nextcloud. Cryptology ePrint Archive, Paper 2024\/546 (2024). https:\/\/eprint.iacr.org\/2024\/546"},{"key":"2_CR3","doi-asserted-by":"publisher","unstructured":"Albrecht, M.R., Haller, M., Marekov\u00e1, L., Paterson, K.G.: Caveat implementor! Key recovery attacks on MEGA. In: Hazay, C., Stam, M. (eds.) EUROCRYPT\u00a02023, Part\u00a0V. LNCS, vol. 14008, pp. 190\u2013218. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_7","DOI":"10.1007\/978-3-031-30589-4_7"},{"key":"2_CR4","unstructured":"Apple: Advanced data protection for iCloud (2022). https:\/\/support.apple.com\/guide\/security\/advanced-data-protection-for-icloud-sec973254c5f\/web. Accessed 10 Feb 2024"},{"key":"2_CR5","unstructured":"Backendal, M., Davis, H., G\u00fcnther, F., Haller, M., Paterson, K.G.: A formal treatment of end-to-end encrypted cloud storage. Cryptology ePrint Archive (2024). https:\/\/eprint.iacr.org\/2024\/989"},{"key":"2_CR6","doi-asserted-by":"publisher","unstructured":"Backendal, M., G\u00fcnther, F., Paterson, K.G.: Puncturable key wrapping and its applications. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0II. LNCS, vol. 13792, pp. 651\u2013681. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22966-4_22","DOI":"10.1007\/978-3-031-22966-4_22"},{"key":"2_CR7","doi-asserted-by":"publisher","unstructured":"Backendal, M., Haller, M., Paterson, K.G.: MEGA: malleable encryption goes awry. In: 2023 IEEE Symposium on Security and Privacy, pp. 146\u2013163. IEEE Computer Society Press (2023). https:\/\/doi.org\/10.1109\/SP46215.2023.10179290","DOI":"10.1109\/SP46215.2023.10179290"},{"key":"2_CR8","doi-asserted-by":"publisher","unstructured":"Bagherzandi, A., Jarecki, S., Saxena, N., Lu, Y.: Password-protected secret sharing. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM CCS 2011, pp. 433\u2013444. ACM Press (2011). https:\/\/doi.org\/10.1145\/2046707.2046758","DOI":"10.1145\/2046707.2046758"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1007\/978-3-642-32009-5_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"M Bellare","year":"2012","unstructured":"Bellare, M., Ristenpart, T., Tessaro, S.: Multi-instance security and its application to password-based cryptography. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 312\u2013329. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_19"},{"key":"2_CR10","doi-asserted-by":"publisher","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 93, pp. 62\u201373. ACM Press (1993). https:\/\/doi.org\/10.1145\/168588.168596","DOI":"10.1145\/168588.168596"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework\u00a0for\u00a0code-based\u00a0game-playing\u00a0proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_25"},{"key":"2_CR12","doi-asserted-by":"publisher","unstructured":"Bellare, M., Shea, L.: Flexible password-based encryption: Securing cloud storage and provably resisting partitioning-oracle attacks. In: Rosulek, M. (ed.) CT-RSA\u00a02023. LNCS, vol. 13871, pp. 594\u2013621. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30872-7_23","DOI":"10.1007\/978-3-031-30872-7_23"},{"key":"2_CR13","doi-asserted-by":"publisher","unstructured":"Bessani, A., Correia, M., Quaresma, B., Andr\u00e9, F., Sousa, P.: Depsky: dependable and secure storage in a cloud-of-clouds. ACM Trans. Storage 9(4) (2013). https:\/\/doi.org\/10.1145\/2535929","DOI":"10.1145\/2535929"},{"key":"2_CR14","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Lysyanskaya, A., Neven, G.: Practical yet universally composable two-server password-authenticated secret sharing. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012, pp. 525\u2013536. ACM Press (2012). https:\/\/doi.org\/10.1145\/2382196.2382252","DOI":"10.1145\/2382196.2382252"},{"key":"2_CR15","doi-asserted-by":"publisher","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136\u2013145. IEEE Computer Society Press (2001). https:\/\/doi.org\/10.1109\/SFCS.2001.959888","DOI":"10.1109\/SFCS.2001.959888"},{"key":"2_CR16","doi-asserted-by":"publisher","unstructured":"Canetti, R., Jain, P., Swanberg, M., Varia, M.: Universally composable end-to-end secure messaging. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO\u00a02022, Part\u00a0II. LNCS, vol. 13508, pp. 3\u201333. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_1","DOI":"10.1007\/978-3-031-15979-4_1"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/3-540-46035-7_22","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"R Canetti","year":"2002","unstructured":"Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337\u2013351. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_22"},{"issue":"2","key":"2_CR18","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/s00145-005-0419-9","volume":"19","author":"R Canetti","year":"2006","unstructured":"Canetti, R., Kushilevitz, E., Lindell, Y.: On the limitations of universally composable two-party computation without set-up assumptions. J. Cryptol. 19(2), 135\u2013167 (2006). https:\/\/doi.org\/10.1007\/s00145-005-0419-9","journal-title":"J. Cryptol."},{"key":"2_CR19","doi-asserted-by":"publisher","unstructured":"Casacuberta, S., Hesse, J., Lehmann, A.: SoK: oblivious pseudorandom functions. In: 7th IEEE European Symposium on Security and Privacy. EuroS &P 2022. pp. 625\u2013646. IEEE (2022). https:\/\/doi.org\/10.1109\/EUROSP53844.2022.00045","DOI":"10.1109\/EUROSP53844.2022.00045"},{"key":"2_CR20","unstructured":"Chen, L., Li, Y.N., Tang, Q., Yung, M.: End-to-same-end encryption: modularly augmenting an app with an efficient, portable, and blind cloud storage. In: Butler, K.R.B., Thomas, K. (eds.) USENIX Security 2022, pp. 2353\u20132370. USENIX Association (2022)"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Chen, W., Hoang, T., Guajardo, J., Yavuz, A.A.: Titanium: a metadata-hiding file-sharing system with malicious security. In: 29th Annual Network and Distributed System Security Symposium. NDSS 2022, San Diego, California, USA, 24\u201328 April 2022. The Internet Society (2022). https:\/\/www.ndss-symposium.org\/ndss-paper\/auto-draft-234\/","DOI":"10.14722\/ndss.2022.24161"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Chen, W., Popa, R.A.: Metal: a metadata-hiding file-sharing system. In: NDSS\u00a02020. The Internet Society (2020)","DOI":"10.14722\/ndss.2020.24095"},{"key":"2_CR23","doi-asserted-by":"publisher","unstructured":"Das, P., Hesse, J., Lehmann, A.: DPaSE: distributed password-authenticated symmetric-key encryption, or how to get many keys from one password. In: Suga, Y., Sakurai, K., Ding, X., Sako, K. (eds.) ASIACCS 22, pp. 682\u2013696. ACM Press (2022). https:\/\/doi.org\/10.1145\/3488932.3517389","DOI":"10.1145\/3488932.3517389"},{"key":"2_CR24","doi-asserted-by":"publisher","unstructured":"Davies, G.T., et al.: Security analysis of the WhatsApp end-to-end encrypted backup protocol. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0IV. LNCS, vol. 14084, pp. 330\u2013361. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38551-3_11","DOI":"10.1007\/978-3-031-38551-3_11"},{"key":"2_CR25","unstructured":"Everspaugh, A., Chatterjee, R., Scott, S., Juels, A., Ristenpart, T.: The Pythia PRF service. In: Jung, J., Holz, T. (eds.) USENIX Security 2015, pp. 547\u2013562. USENIX Association (2015)"},{"key":"2_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-540-30576-7_17","volume-title":"Theory of Cryptography","author":"MJ Freedman","year":"2005","unstructured":"Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303\u2013324. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30576-7_17"},{"key":"2_CR27","unstructured":"Goh, E.J., Shacham, H., Modadugu, N., Boneh, D.: SiRiUS: securing remote untrusted storage. In: NDSS\u00a02003. The Internet Society (2003)"},{"key":"2_CR28","doi-asserted-by":"publisher","unstructured":"Heninger, N., Ryan, K.: The hidden number problem with small unknown multipliers: cryptanalyzing MEGA in six queries and other applications. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC\u00a02023, Part\u00a0I. LNCS, vol. 13940, pp. 147\u2013176. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-31368-4_6","DOI":"10.1007\/978-3-031-31368-4_6"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-662-45608-8_13","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"S Jarecki","year":"2014","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H.: Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 233\u2013253. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45608-8_13"},{"key":"2_CR30","doi-asserted-by":"publisher","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: Highly-efficient and composable password-protected secret sharing (or: How to protect your bitcoin wallet online). In: IEEE European Symposium on Security and Privacy, EuroS &P 2016, pp. 276\u2013291. IEEE (2016). https:\/\/doi.org\/10.1109\/EUROSP.2016.30","DOI":"10.1109\/EUROSP.2016.30"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-319-61204-1_3","volume-title":"Applied Cryptography and Network Security","author":"S Jarecki","year":"2017","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: TOPPSS: cost-minimal password-protected secret sharing based on threshold OPRF. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 39\u201358. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61204-1_3"},{"key":"2_CR32","doi-asserted-by":"publisher","unstructured":"Jarecki, S., Krawczyk, H., Resch, J.K.: Updatable oblivious key management for storage systems. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 379\u2013393. ACM Press (2019). https:\/\/doi.org\/10.1145\/3319535.3363196","DOI":"10.1145\/3319535.3363196"},{"key":"2_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1007\/978-3-319-78372-7_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"S Jarecki","year":"2018","unstructured":"Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 456\u2013486. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_15"},{"key":"2_CR34","unstructured":"Lai, R.W.F., Egger, C., Reinert, M., Chow, S.S.M., Maffei, M., Schr\u00f6der, D.: Simple password-hardened encryption services. In: Enck, W., Felt, A.P. (eds.) 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, 15\u201317 August 2018, pp. 1405\u20131421. USENIX Association (2018). https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lai"},{"key":"2_CR35","unstructured":"Lai, R.W.F., Egger, C., Schr\u00f6der, D., Chow, S.S.M.: Phoenix: rebirth of a cryptographic password-hardening service. In: Kirda, E., Ristenpart, T. (eds.) USENIX Security 2017, pp. 899\u2013916. USENIX Association (2017)"},{"key":"2_CR36","unstructured":"MEGA Limited: MEGA \u2013 about us. https:\/\/mega.io\/about. Accessed 25 Jan 2024"},{"key":"2_CR37","unstructured":"LTD, I.C.S.: Icedrive \u2013 next-generation cloud storage. https:\/\/icedrive.net\/"},{"key":"2_CR38","unstructured":"Ltd, S.: Seafile \u2013 open source file sync and share software. https:\/\/www.seafile.com\/en\/home\/"},{"key":"2_CR39","unstructured":"MEGA, T.: MEGA security update (2022). https:\/\/blog.mega.io\/mega-security-update. Accessed 9 Feb 2024"},{"key":"2_CR40","doi-asserted-by":"publisher","unstructured":"Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: 38th FOCS, pp. 458\u2013467. IEEE Computer Society Press (1997). https:\/\/doi.org\/10.1109\/SFCS.1997.646134","DOI":"10.1109\/SFCS.1997.646134"},{"key":"2_CR41","unstructured":"Nextcloud: End-to-End Encryption Design (2017). https:\/\/nextcloud.com\/c\/uploads\/2022\/03\/Nextcloud-end-to-end-encryption-Whitepaper.pdf"},{"key":"2_CR42","unstructured":"OnePassword: 1Password Security Design (Release v0.4.6) (2023). https:\/\/1passwordstatic.com\/files\/security\/1password-white-paper.pdf"},{"key":"2_CR43","unstructured":"Popa, R.A., Stark, E., Valdez, S., Helfer, J., Zeldovich, N., Balakrishnan, H.: Building web applications on top of encrypted data using Mylar. In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14), pp. 157\u2013172. USENIX Association, Seattle, WA (2014). https:\/\/www.usenix.org\/conference\/nsdi14\/technical-sessions\/presentation\/popa"},{"key":"2_CR44","unstructured":"Tresorit: End-to-end encrypted cloud storage for businesses. https:\/\/tresorit.com\/"},{"key":"2_CR45","unstructured":"Tyagi, N., Mughees, M.H., Ristenpart, T., Miers, I.: BurnBox: self-revocable encryption in a world of compelled access. In: Enck, W., Felt, A.P. (eds.) USENIX Security 2018, pp. 445\u2013461. USENIX Association (2018)"},{"key":"2_CR46","unstructured":"WhatsApp: End-to-end encrypted backups on WhatsApp. https:\/\/blog.whatsapp.com\/end-to-end-encrypted-backups-on-whatsapp. Accessed 10 Feb 2024"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-68379-4_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,15]],"date-time":"2024-08-15T20:17:52Z","timestamp":1723753072000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-68379-4_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031683787","9783031683794"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-68379-4_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"16 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}