I'm curious how large cloud computing services that might secure encrypted data would update an encrypted file. For example, let's consider a user who is using RSA to encrypt a large file, maybe gigabytes long, and stores it on a server. The user then makes a small change to the file. Encrypting this new update again and storing it seems like a massive waste of time and resources. How would one counter this problem?
- I would think that the whole file would have to be decrypted to make the change, and then re-encrypted again. What type of cloud service would you be referring to? – Marc Woodyard Mar 14 '21 at 02:31
- I'm interested in seeing if there's a more efficient way to do so because it seems like encrypting the entire file for a small change is very wasteful. – Securitybeginer Mar 14 '21 at 02:41
- Encryption is always going to have some overhead which will depend on what's being encrypted. Here's something you might find useful: https://stackoverflow.com/questions/11300128/encrypting-and-or-decrypting-large-files-aes-on-a-memory-and-storage-constrain – Marc Woodyard Mar 14 '21 at 02:46
- If the *user* is doing the encryption, then the work is on the user, not the remote service. If the *service* is doing the encryption, then it depends on the type of encryption used and how it's implemented. So, which scenario are you talking about? – schroeder Mar 14 '21 at 07:49
- The exact answer really needs your details. RSA is not for encryption, and compared to encryption the decryption will be slow. Some file formats change the beginning, too. – kelalaka Mar 15 '21 at 10:50
1 Answer
1
Most encryption algorithms do not propagate changes to subsequent blocks, so you can edit the file in place with the key, and the amount of ciphertext you change will be a multiple of a certain size (usually the size of the cipher block or a multiple thereof). The way large encrypted files are typically updated is by having the encryption done transparently, as is the case with filesystem and disk-level encryption.
The only kind of encryption which would force you to re-encrypt everything and re-upload it would be one which uses an all-or-nothing transform, which no modern file encryption methods use.
forest
- Actually, counter-based encryptions are dangerous [on file updates](https://crypto.stackexchange.com/a/84440/18298). The updated part can be attacked with crib dragging. The update needs a new full encryption with either a new key or a new nonce. – kelalaka Mar 15 '21 at 10:46
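An added example (not part of the original answer or comments) of chunked encryption that ties the answer and the comment together: each chunk is encrypted independently, so an edit rewrites only the chunks it touches, and each rewrite draws a fresh nonce so the same keystream never covers two versions of a chunk. Assumptions: HMAC-SHA256 in counter mode stands in for AES-CTR, `CHUNK`, `seal`, `unseal` and `update` are hypothetical names, and integrity protection (an AEAD per chunk in a real design) is left out.

```python
import hashlib
import hmac
import os

CHUNK = 64  # constructed chunk size; real systems use KiB-sized chunks

def keystream(key, nonce, n):
    """Counter-mode keystream; HMAC-SHA256 stands in for AES-CTR (assumption)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key, chunk, nonce=None):
    """Encrypt one chunk; a fresh random nonce is drawn unless one is forced."""
    nonce = nonce or os.urandom(16)
    return nonce, xor(chunk, keystream(key, nonce, len(chunk)))

def unseal(key, record):
    nonce, ct = record
    return xor(ct, keystream(key, nonce, len(ct)))

def encrypt_file(key, data):
    """One (nonce, ciphertext) record per chunk, each independently decryptable."""
    return [seal(key, data[i:i + CHUNK]) for i in range(0, len(data), CHUNK)]

def decrypt_file(key, records):
    return b"".join(unseal(key, r) for r in records)

def update(key, records, offset, new, reuse_nonce=False):
    """Overwrite bytes at offset, re-encrypting only the chunks they touch.

    reuse_nonce=True reproduces the unsafe in-place edit from the comment:
    the same keystream then covers both the old and the new plaintext.
    """
    touched = []
    for i in range(offset // CHUNK, (offset + len(new) - 1) // CHUNK + 1):
        pt = bytearray(unseal(key, records[i]))
        lo = max(offset, i * CHUNK)
        hi = min(offset + len(new), i * CHUNK + len(pt))
        pt[lo - i * CHUNK:hi - i * CHUNK] = new[lo - offset:hi - offset]
        records[i] = seal(key, bytes(pt), records[i][0] if reuse_nonce else None)
        touched.append(i)
    return touched
```

With `reuse_nonce=True`, XORing the old and new ciphertext of the edited chunk yields the XOR of the old and new plaintext, which is why the default draws a new nonce for every rewritten chunk.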