On Security Properties of All-or-nothing Transforms

All-or-nothing transforms have been defined as bijective mappings on all s-tuples over a specified finite alphabet. These mappings are required to satisfy certain “perfect security” conditions specified using entropies of the probability distribution defined on the input s-tuples. Alternatively, purely combinatorial definitions of AONTs have been given, which involve certain kinds of “unbiased arrays”. However, the combinatorial definition makes no reference to probability definitions. In this paper, we examine the security provided by AONTs that satisfy the combinatorial definition. The security of the AONT can depend on the underlying probability distribution of the s-tuples. We show that perfect security is obtained from an AONT if and only if the input s-tuples are equiprobable. However, in the case where the input s-tuples are not equiprobable, we still achieve a weaker security guarantee. We also consider the use of randomized AONTs to provide perfect security for a smaller number of inputs, even when those inputs are not equiprobable.

[1]  Anand Desai,et al.  The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search , 2000, CRYPTO.

[2]  Ian Goldberg,et al.  Some Results on the Existence of $t$ -All-or-Nothing Transforms Over Arbitrary Alphabets , 2018, IEEE Transactions on Information Theory.

[3]  Ronald L. Rivest,et al.  All-or-Nothing Encryption and the Package Transform , 1997, FSE.

[4]  C. Colbourn,et al.  Handbook of Combinatorial Designs , 2006 .

[5]  Eyal Kushilevitz,et al.  Exposure-Resilient Functions and All-or-Nothing Transforms , 2000, EUROCRYPT.

[6]  O. Antoine,et al.  Theory of Error-correcting Codes , 2022 .

[7]  Jürgen Dix,et al.  EDs , 2021, Encyclopedia of Evolutionary Psychological Science.

[8]  Douglas R. Stinson,et al.  Computational results on invertible matrices with the maximum number of invertible 2×2 submatrices , 2017, Australas. J Comb..

[9]  Tao Zhang,et al.  Invertible binary matrices with maximum number of 2-by-2 invertible submatrices , 2017, Discret. Math..

[10]  Jie Cui,et al.  Linear (2, p, p)-AONTs exist for all primes p , 2019, Des. Codes Cryptogr..

[11]  Victor Boyko,et al.  On the Security Properties of OAEP as an All-or-Nothing Transform , 1999, CRYPTO.

[12]  Douglas R. Stinson,et al.  All or Nothing at All , 2016, Electron. J. Comb..

[13]  Navid Nasr Esfahani Generalizations of All-or-Nothing Transforms and their Application in Secure Distributed Storage , 2021 .

[14]  Douglas R. Stinson,et al.  Something About All or Nothing (Transforms) , 2001, Des. Codes Cryptogr..