Abstract
An AONT is an efficiently computable transform with two properties. Given all the bits of its output, it is easy to retrieve the message. On the other hand, if sufficiently many bits of the output are missing, it is computationally infeasible for a polynomial-time adversary to learn any information about the message. One might naturally conclude that if a secure AONT is used in a cryptosystem, the whole system will be secure as long as sufficiently many bits are "protected". However, we show this is not enough. Our results are threefold. First, we answer an open problem raised in [6], showing that previous definitions are not sufficient to guarantee a provably secure cryptosystem with strong data privacy, namely indistinguishability against chosen ciphertext attack (IND-CCA). Second, we give a new definition of AONT and show that it suffices to guarantee that an AONT combined with any encryption function yields an IND-CCA secure cryptosystem. Third, we give concrete constructions that satisfy the new definition.
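To make the two AONT properties in the abstract concrete, here is an added example (not code from the paper) implementing Rivest's package transform [23]: s message blocks become s+1 pseudo-blocks that anyone can invert given all of them, while losing any single pseudo-block leaves the package key K' unrecoverable and so corrupts every recovered block. Assumptions: 128-bit blocks, and HMAC-SHA256 truncated to 16 bytes stands in for the block cipher E_K; this illustrates the all-or-nothing property only, not the IND-CCA gap the paper analyses.

```python
import hmac
import hashlib
import os

BLOCK = 16  # pseudo-block length in bytes (assumption: 128-bit blocks)
K0 = bytes(BLOCK)  # fixed, publicly known key for the hash chain, as in Rivest's scheme


def prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher E_K(x): HMAC-SHA256 truncated to BLOCK bytes."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr(i: int) -> bytes:
    return i.to_bytes(BLOCK, "big")


def package(blocks: list[bytes]) -> list[bytes]:
    """Package transform: s message blocks -> s+1 pseudo-blocks (no key needed to invert)."""
    assert all(len(m) == BLOCK for m in blocks), "message must be split into BLOCK-byte blocks"
    k = os.urandom(BLOCK)  # fresh random package key K'
    body = [xor(m, prf(k, ctr(i))) for i, m in enumerate(blocks, 1)]
    tail = k  # last pseudo-block: K' masked by a hash of every other pseudo-block
    for i, c in enumerate(body, 1):
        tail = xor(tail, prf(K0, xor(c, ctr(i))))
    return body + [tail]


def unpackage(pseudo: list[bytes]) -> list[bytes]:
    """Inverse transform: every pseudo-block is needed to peel K' off the tail."""
    *body, tail = pseudo
    k = tail
    for i, c in enumerate(body, 1):
        k = xor(k, prf(K0, xor(c, ctr(i))))
    return [xor(c, prf(k, ctr(i))) for i, c in enumerate(body, 1)]


def blocks_recovered_with_loss(blocks: list[bytes], lost: int) -> int:
    """Count message blocks still recovered when pseudo-block `lost` is replaced by zeros.

    With the package transform this is 0 (except with negligible probability) whichever
    pseudo-block is lost, because a wrong K' garbles all blocks, not just the lost one.
    """
    pseudo = package(blocks)
    pseudo[lost] = bytes(BLOCK)  # simulate one missing / unprotected pseudo-block
    return sum(a == b for a, b in zip(unpackage(pseudo), blocks))
```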
References
An, J.H., Dodis, Y.: Concealment and Its Applications to Authenticated Encryption. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 312–329. Springer, Heidelberg (2003)
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 26. Springer, Heidelberg (1998)
Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 531. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Random Oracles are Practical: a Paradigm for Designing Efficient Protocols. In: 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press, New York (1993)
Bellare, M., Rogaway, P.: Optimal Asymmetric Encryption. In: Fronhöfer, B., Wrightson, G. (eds.) Dagstuhl Seminar 1990. LNCS, vol. 590, pp. 92–111. Springer, Heidelberg (1992)
Boyko, V.: On the Security Properties of the OAEP as an All-or-Nothing Transform. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 503–518. Springer, Heidelberg (1999)
Canetti, R., Dodis, Y., Halevi, S., Kushilevitz, E., Sahai, A.: Exposure-Resilient Functions and All-or-Nothing Transforms. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 453–469. Springer, Heidelberg (2000)
Desai, A.: The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 359–375. Springer, Heidelberg (2000)
Dodis, Y., Katz, J., Xu, S., Yung, M.: Key-insulated Public Key Cryptosystems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 65–82. Springer, Heidelberg (2002)
Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. In: STOC 1991, ACM, New York (1991)
Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)
Jakobsson, M., Stern, J., Yung, M.: Scramble All, Encrypt Small. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 95–111. Springer, Heidelberg (1999)
Johnson, D., Matyas, S., Peyravian, M.: Encryption of Long Blocks Using a Short-Block Encryption Procedure (1997). Available at http://grouper.ieee.org/groups/1363/contributinos/peyrav.ps
Naor, M., Yung, M.: Public-key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In: STOC 1990, pp. 427–437. ACM, New York (1990)
Rackoff, C., Simon, D.: Noninteractive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)
Rivest, R.L.: All-Or-Nothing Encryption and The Package Transform. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 210–218. Springer, Heidelberg (1997)
Shoup, V.: Why Chosen Ciphertext Security Matters. Technical Report RZ 3076, IBM Research (1998)
Shoup, V.: OAEP Reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239–259. Springer, Heidelberg (2001)
Stinson, D.R.: Some Considerations on All-Or-Nothing Transforms (1998). Available at http://cacr.math.uwaterloo.ca/~dstinson/papers/AON.ps
Zhang, R., Hanaoka, G., Shikata, J., Imai, H.: On the Security of Multiple Encryption or CCA-security+CCA-security=CCA-security? In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 360–374. Springer, Heidelberg (2004)
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Zhang, R., Hanaoka, G., Imai, H. (2004). On the Security of Cryptosystems with All-or-Nothing Transform. In: Jakobsson, M., Yung, M., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2004. Lecture Notes in Computer Science, vol 3089. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24852-1_6
DOI: https://doi.org/10.1007/978-3-540-24852-1_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22217-0
Online ISBN: 978-3-540-24852-1