TY - GEN
T1 - Pretzel
T2 - 2017 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2017
AU - Gupta, Trinabh
AU - Fingler, Henrique
AU - Alvisi, Lorenzo
AU - Walfish, Michael
N1 - Publisher Copyright: © 2017 ACM.
PY - 2017/8/7
Y1 - 2017/8/7
N2 - Emails today are often encrypted, but only between mail servers; the vast majority of emails are exposed in plaintext to the mail servers that handle them. While better than no encryption, this arrangement leaves open the possibility of attacks, privacy violations, and other disclosures. Publicly, email providers have stated that default end-to-end encryption would conflict with essential functions (spam filtering, etc.), because the latter requires analyzing email text. The goal of this paper is to demonstrate that there is no conflict. We do so by designing, implementing, and evaluating Pretzel. Starting from a cryptographic protocol that enables two parties to jointly perform a classification task without revealing their inputs to each other, Pretzel refines and adapts this protocol to the email context. Our experimental evaluation of a prototype demonstrates that email can be encrypted end-to-end and providers can compute over it, at tolerable cost: clients must devote some storage and processing, and provider overhead is roughly 5× versus the status quo.
AB - Emails today are often encrypted, but only between mail servers; the vast majority of emails are exposed in plaintext to the mail servers that handle them. While better than no encryption, this arrangement leaves open the possibility of attacks, privacy violations, and other disclosures. Publicly, email providers have stated that default end-to-end encryption would conflict with essential functions (spam filtering, etc.), because the latter requires analyzing email text. The goal of this paper is to demonstrate that there is no conflict. We do so by designing, implementing, and evaluating Pretzel. Starting from a cryptographic protocol that enables two parties to jointly perform a classification task without revealing their inputs to each other, Pretzel refines and adapts this protocol to the email context. Our experimental evaluation of a prototype demonstrates that email can be encrypted end-to-end and providers can compute over it, at tolerable cost: clients must devote some storage and processing, and provider overhead is roughly 5× versus the status quo.
KW - Encrypted email
KW - Linear classifiers
KW - Secure two-party computation
UR - http://www.scopus.com/inward/record.url?scp=85029456265&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85029456265&partnerID=8YFLogxK
U2 - 10.1145/3098822.3098835
DO - 10.1145/3098822.3098835
M3 - Conference contribution
AN - SCOPUS:85029456265
T3 - SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication
SP - 169
EP - 182
BT - SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication
PB - Association for Computing Machinery, Inc
Y2 - 21 August 2017 through 25 August 2017
ER -