Abstract
All-or-nothing transforms have been defined as bijective mappings on all s-tuples over a specified finite alphabet. These mappings are required to satisfy certain “perfect security” conditions specified using entropies of the probability distribution defined on the input s-tuples. Alternatively, purely combinatorial definitions of AONTs have been given, which involve certain kinds of “unbiased arrays”. However, the combinatorial definition makes no reference to probability definitions. In this paper, we examine the security provided by AONTs that satisfy the combinatorial definition. The security of the AONT can depend on the underlying probability distribution of the s-tuples. We show that perfect security is obtained from an AONT if and only if the input s-tuples are equiprobable. However, in the case where the input s-tuples are not equiprobable, we still achieve a weaker security guarantee. We also consider the use of randomized AONTs to provide perfect security for a smaller number of inputs, even when those inputs are not equiprobable.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Boyko V.: On the security properties of OAEP as an all-or-nothing Transform. In: CRYPTO ’99. Lecture Notes in Computer Science, vol. 1666, pp. 503–518 (1999).
Canetti R., Dodis Y., Halevi S., Kushilevitz E., Sahai A.: Exposure-resilient functions and all-or-nothing transforms. In: EUROCRYPT 2000. Lecture Notes in Computer Science, vol. 1807, pp. 453–469 (2000).
Colbourn C.J., Dinitz J.H. (eds.): The CRC Handbook of Combinatorial Designs, 2nd edn. CRC Press, Boca Raton (2006).
D’Arco P., Esfahani N.N., Stinson D.R.: All or nothing at all. Electron. J. Comb. 23(4) (2016).
Desai A.: The security of all-or-nothing encryption: protecting against exhaustive key search. In: CRYPTO 2000. Lecture Notes in Computer Science, vol. 1880, pp. 359–375 (2000).
Esfahani N.N.: Generalizations of all-or-nothing transforms and their application in secure distributed storage. PhD thesis, University of Waterloo (2021).
Esfahani N.N., Stinson D.R.: Computational results on invertible matrices with the maximum number of invertible \(2 \times 2\) submatrices. Australas. J. Comb. 69, 130–144 (2017).
Esfahani N.N., Goldbeg I., Stinson D.R.: Some results on the existence of \(t\)-all-or-nothing transforms over arbitrary alphabets. IEEE Trans. Inf. Theory 64, 3136–3143 (2018).
MacWilliams F.J., Sloane N.J.A.: The Theory of Error-Correcting Codes. North-Holland, Amsterdam (1977).
Rivest R.L.: All-or-nothing encryption and the package transform. In: Fast Software Encryption 1997. Lecture Notes in Computer Science, vol. 1267, pp. 210–218 (1997).
Stinson D.R.: Something about all or nothing (transforms). Des. Codes Cryptogr. 22, 133–138 (2001).
Wang X., Cui J., Ji L.: Linear \((2, p, p)\)-AONTs exist for all primes \(p\). Des. Codes Cryptogr. 87, 2185–2197 (2019).
Zhang Y., Zhang T., Wang X., Ge G.: Invertible binary matrices with maximum number of 2-by-2 invertible submatrices. Discret. Math. 340, 201–208 (2017).
Acknowledgements
The authors would like thank Ian Goldberg for raising the issues we discuss in this paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by C. J. Colbourn.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
D. R. Stinson’s research is supported by NSERC discovery Grant RGPIN-03882.
Rights and permissions
About this article
Cite this article
Esfahani, N.N., Stinson, D.R. On security properties of all-or-nothing transforms. Des. Codes Cryptogr. 89, 2857–2867 (2021). https://doi.org/10.1007/s10623-021-00958-5
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-021-00958-5