The Power of Refresh: A Novel Mechanism for Securing Low Entropy PII

Deterministic encryption for low entropy personally identifiable information(PII) is vulnerable to dictionary attack. It is particularly so because of an expedient method to enumerate possible PII\´splain text instead of all possible keys. Deterministic encryption, however, is indispensable in the generation of hash or index of PII. This paper presents a novel mechanism to frustrate dictionary attacks by refreshing the encryption in an external "blackbox". The "blackbox" has a private key inside and even the person who designed and manufactured it could not track or reveal its input and output without knowing the private key. The major part of this paper is about the analysis of this novel mechanism. The use of conditional entropy in this paper both measures the power to defend the attack and proves the value and feasibility of this novel mechanism. A lower bound for conditional entropy against a computationally-unbounded adversary is guaranteed. The essential meaning of the lower bound is also given based on min-entropy. By the proof, this mechanism can provide very reliable security for PII in online social networks (OSN) and keep efficiency and functionality at the same time.