Pretzel

Email encryption and provider-supplied functions are compatible

Trinabh Gupta, Henrique Fingler, Lorenzo Alvisi, Michael Walfish

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Emails today are often encrypted, but only between mail servers; the vast majority of emails are exposed in plaintext to the mail servers that handle them. While better than no encryption, this arrangement leaves open the possibility of attacks, privacy violations, and other disclosures. Publicly, email providers have stated that default end-to-end encryption would conflict with essential functions (spam filtering, etc.), because the latter requires analyzing email text. The goal of this paper is to demonstrate that there is no conflict. We do so by designing, implementing, and evaluating Pretzel. Starting from a cryptographic protocol that enables two parties to jointly perform a classification task without revealing their inputs to each other, Pretzel refines and adapts this protocol to the email context. Our experimental evaluation of a prototype demonstrates that email can be encrypted end-to-end and providers can compute over it, at tolerable cost: clients must devote some storage and processing, and provider overhead is roughly 5× versus the status quo.

Original language: English (US)
Title of host publication: SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication
Publisher: Association for Computing Machinery, Inc
Pages: 169-182
Number of pages: 14
ISBN (Electronic): 9781450346535
DOI: https://doi.org/10.1145/3098822.3098835
State: Published - Aug 7 2017
Event: 2017 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2017 - Los Angeles, United States
Duration: Aug 21 2017 to Aug 25 2017

Other

Other: 2017 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2017
Country: United States
City: Los Angeles
Period: 8/21/17 to 8/25/17

Fingerprint

Electronic mail
Cryptography
privacy
Servers
costs
evaluation
Network protocols
Processing

Keywords

  • Encrypted email
  • Linear classifiers
  • Secure two-party computation

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing
  • Electrical and Electronic Engineering
  • Communication

Cite this

Gupta, T., Fingler, H., Alvisi, L., & Walfish, M. (2017). Pretzel: Email encryption and provider-supplied functions are compatible. In SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication (pp. 169-182). Association for Computing Machinery, Inc. https://doi.org/10.1145/3098822.3098835

Pretzel: Email encryption and provider-supplied functions are compatible. / Gupta, Trinabh; Fingler, Henrique; Alvisi, Lorenzo; Walfish, Michael.

SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication. Association for Computing Machinery, Inc, 2017. p. 169-182.

Gupta, T, Fingler, H, Alvisi, L & Walfish, M 2017, Pretzel: Email encryption and provider-supplied functions are compatible. in SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication. Association for Computing Machinery, Inc, pp. 169-182, 2017 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2017, Los Angeles, United States, 8/21/17. https://doi.org/10.1145/3098822.3098835
Gupta T, Fingler H, Alvisi L, Walfish M. Pretzel: Email encryption and provider-supplied functions are compatible. In SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication. Association for Computing Machinery, Inc. 2017. p. 169-182 https://doi.org/10.1145/3098822.3098835
Gupta, Trinabh; Fingler, Henrique; Alvisi, Lorenzo; Walfish, Michael. / Pretzel: Email encryption and provider-supplied functions are compatible. SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication. Association for Computing Machinery, Inc, 2017. pp. 169-182
@inproceedings{35aa0711bfa24aeaa1a2d1a9b29418df,
title = "Pretzel: Email encryption and provider-supplied functions are compatible",
keywords = "Encrypted email, Linear classifiers, Secure two-party computation",
author = "Trinabh Gupta and Henrique Fingler and Lorenzo Alvisi and Michael Walfish",
year = "2017",
month = "8",
day = "7",
doi = "10.1145/3098822.3098835",
language = "English (US)",
pages = "169--182",
booktitle = "SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - Pretzel

T2 - Email encryption and provider-supplied functions are compatible

AU - Gupta, Trinabh

AU - Fingler, Henrique

AU - Alvisi, Lorenzo

AU - Walfish, Michael

PY - 2017/8/7

Y1 - 2017/8/7

KW - Encrypted email

KW - Linear classifiers

KW - Secure two-party computation

UR - http://www.scopus.com/inward/record.url?scp=85029456265&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85029456265&partnerID=8YFLogxK

U2 - 10.1145/3098822.3098835

DO - 10.1145/3098822.3098835

M3 - Conference contribution

SP - 169

EP - 182

BT - SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication

PB - Association for Computing Machinery, Inc

ER -