I want to store encrypted files on some storage backend that allows me to fetch

Question

I want to store encrypted files on some storage backend that allows me to fetch bytes X through Y of the encrypted file. I can obviously decrypt the entire file locally and send it back to the client.

However, if the file is very large it would be nice to be able to arbitrarily decrypt that byte range on the fly. If possible, I'd like to be able to decrypt the parts by different servers at the same time (so I won't necessarily have the full decryption chain at hand).

Is there any block cipher mode that would allow for something like this, or any possible way at all?

Explanation / Answer

If you can require that the ranges are block-aligned, the disk encryption modes (LRW, XEX, XTS, CTR, etc.) seem ideal for your purposes. ECB mode also works with block-aligned ranges, but is, well, ECB mode.

If you need byte-level alignment, the only mode that looks promising is OFB mode: you compute a keystream that includes the range you want to decrypt, then XOR the appropriate section of the keystream with the encrypted section of the file. For a large file, this can be rather inefficient, as you may be computing and discarding gigabytes of keystream before you get to the part you're going to use.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.