2

I'm curious how large cloud computing services that might secure encrypted data would update an encrypted file. For example, let's consider a user who is using RSA to encrypt a large file, maybe gigabytes long, and stores it on a server. The user then makes a small change to the file. Encrypting this new update again and storing it seems like a massive waste of time and resources. How would one counter this problem?

schroeder
  • I would think that the whole file would have to be decrypted to make the change, and then re-encrypted again. What type of cloud service would you be referring to? – Marc Woodyard Mar 14 '21 at 02:31
  • I'm interested in seeing if there's a more efficient way to do so because it seems like encrypting the entire file for a small change is very wasteful. – Securitybeginer Mar 14 '21 at 02:41
  • Encryption is always going to have some overhead which will depend on what's being encrypted. Here's something you might find useful https://stackoverflow.com/questions/11300128/encrypting-and-or-decrypting-large-files-aes-on-a-memory-and-storage-constrain – Marc Woodyard Mar 14 '21 at 02:46
  • 1
    If the *user* is doing the encryption, then the work is on the user, not the remote service. If the *service* is doing the encryption, then it depends on the type of encryption used and how it's implemented. So, which scenario are you talking about? – schroeder Mar 14 '21 at 07:49
  • The exact answer really needs your details. RSA is not for encryption, and compared to encryption the decryption will be slow. Some file formats change the beginning, too. – kelalaka Mar 15 '21 at 10:50

1 Answer

1

Most encryption algorithms do not propagate changes to subsequent blocks, so you can edit the file in place with the key, and the amount of ciphertext you will be a multiple of a certain size (usually the size of the cipher block or a multiple thereof). The way large encrypted files are typically updated is by having the encryption done transparently, as is the case with filesystem and disk-level encryption.

The only kind of encryption which would force you to re-encrypt everything and re-upload it would be one which uses an all-or-nothing transform, which no modern file encryption methods use.

forest
  • Actually, counter-based encryptions are dangerous [on file updates](https://crypto.stackexchange.com/a/84440/18298). The updated part can be attacked with crib dragging. The update needs a new full encryption with either a new key or a new nonce. – kelalaka Mar 15 '21 at 10:46
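
An added example (not part of the original answer or comments) of the chunk-wise in-place update the answer describes, together with the nonce-reuse caveat raised in the last comment. The keystream is an HMAC-SHA256 counter construction standing in for a counter-mode cipher, the chunk size and all function names are assumptions of this sketch, and authentication of the chunks is left out.

```python
import hashlib
import hmac
import os

CHUNK = 4096  # constructed chunk size for this sketch


def keystream(key, nonce, n):
    """Counter-mode stand-in: HMAC-SHA256(key, nonce || counter), cut to n bytes."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key, data, nonce):
    """Return (nonce, ciphertext) for one chunk."""
    return nonce, xor(data, keystream(key, nonce, len(data)))


def encrypt_file(key, plaintext):
    """Encrypt each chunk independently under its own random nonce."""
    return [seal(key, plaintext[i:i + CHUNK], os.urandom(16))
            for i in range(0, len(plaintext), CHUNK)]


def decrypt_file(key, store):
    return b"".join(xor(ct, keystream(key, nonce, len(ct))) for nonce, ct in store)


def update_chunk(key, store, index, new_data, reuse_nonce=False):
    """Rewrite one chunk in place; every other chunk stays byte-for-byte the same.

    reuse_nonce=True models the unsafe update: the old keystream is applied
    to the new plaintext. The default draws a fresh nonce for the rewrite.
    """
    nonce = store[index][0] if reuse_nonce else os.urandom(16)
    store[index] = seal(key, new_data, nonce)


def leaked_xor(old_chunk, new_chunk):
    """What a holder of both stored versions of a chunk can compute without the key."""
    return xor(old_chunk[1], new_chunk[1])
```

With `reuse_nonce=True` the value from `leaked_xor` equals the XOR of the old and new plaintext of that chunk, which is the exposure the comment warns about; with a fresh nonce per rewritten chunk it does not, and only that one chunk has to be re-encrypted and re-uploaded.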