All-or-nothing transform
Encyclopedia
In cryptography
, an all-or-nothing transform (AONT), also known as an all-or-nothing protocol, is an encryption mode
which allows the data to be understood only if all of it is known. AONTs are not encryption, but frequently make use of symmetric ciphers and may be applied before encryption. In exact terms, "an AONT is an unkeyed, invertible, randomized transformation, with the property that it is hard to invert unless all of the output is known."
block with a random key to form the pseudomessage, then hashing each block and XORing all the hashes together with the random key to generate the last block of the pseudomessage. The blocks are also XOR'd with an incrementing counter to prevent duplicate blocks encrypting identically. This results in a "package" that cannot be partially decoded.
The package transform can use a cipher in any mode
, creating the package ECB
transform, package CBC
transform, etc.
In 1999 Victor Boyko proposed another AONT, provably secure under the random oracle model.
Apparently at about the same time, D. R. Stinson proposed a different implementation of AONT, without any cryptographic assumptions. This implementation is a linear transform, perhaps highlighting some security weakness of the original definition.
. AONTs help prevent several attacks.
One of the ways AONTs improve the strength of encryption is by preventing attacks which reveal only part of the information from revealing anything, as the partial information is not enough to recover any of the original message.
Another application, suggested in the original papers is to reduce the cost of security: for example, a file can be processed by AONT, and then only a small portion of it can be encrypted (e.g., on a smart-card). AONT will assure that as a result the whole file is protected. It is important to use the stronger version of the transform (such as the one by Boyko above).
AONT may be combined with forward error correction
to yield a computationally secure secret sharing
scheme .
Other uses of AONT can be found in optimal asymmetric encryption padding
(OAEP).
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, an all-or-nothing transform (AONT), also known as an all-or-nothing protocol, is an encryption mode
Block cipher modes of operation
In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
which allows the data to be understood only if all of it is known. AONTs are not encryption, but frequently make use of symmetric ciphers and may be applied before encryption. In exact terms, "an AONT is an unkeyed, invertible, randomized transformation, with the property that it is hard to invert unless all of the output is known."
Algorithms
The original AONT, the package transform, was described by Ronald L. Rivest in All-Or-Nothing Encryption and The Package Transform . Simply put, Rivest proposed encrypting each plaintextPlaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....
block with a random key to form the pseudomessage, then hashing each block and XORing all the hashes together with the random key to generate the last block of the pseudomessage. The blocks are also XOR'd with an incrementing counter to prevent duplicate blocks encrypting identically. This results in a "package" that cannot be partially decoded.
The package transform can use a cipher in any mode
Block cipher modes of operation
In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
, creating the package ECB
Block cipher modes of operation
In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
transform, package CBC
Block cipher modes of operation
In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
transform, etc.
In 1999 Victor Boyko proposed another AONT, provably secure under the random oracle model.
Apparently at about the same time, D. R. Stinson proposed a different implementation of AONT, without any cryptographic assumptions. This implementation is a linear transform, perhaps highlighting some security weakness of the original definition.
Applications
AONTs can be used to increase the strength of encryption without increasing the key size. This may be useful to, for example, secure secrets while complying with government cryptography export regulationsExport of cryptography
The export of cryptography in the United States is the transfer from the United States to another country of devices and technology related to cryptography....
. AONTs help prevent several attacks.
One of the ways AONTs improve the strength of encryption is by preventing attacks which reveal only part of the information from revealing anything, as the partial information is not enough to recover any of the original message.
Another application, suggested in the original papers is to reduce the cost of security: for example, a file can be processed by AONT, and then only a small portion of it can be encrypted (e.g., on a smart-card). AONT will assure that as a result the whole file is protected. It is important to use the stronger version of the transform (such as the one by Boyko above).
AONT may be combined with forward error correction
Forward error correction
In telecommunication, information theory, and coding theory, forward error correction or channel coding is a technique used for controlling errors in data transmission over unreliable or noisy communication channels....
to yield a computationally secure secret sharing
Secret sharing
Secret sharing refers to method for distributing a secret amongst a group of participants, each of whom is allocated a share of the secret. The secret can be reconstructed only when a sufficient number of shares are combined together; individual shares are of no use on their own.More formally, in a...
scheme .
Other uses of AONT can be found in optimal asymmetric encryption padding
Optimal Asymmetric Encryption Padding
In cryptography, Optimal Asymmetric Encryption Padding is a padding scheme often used together with RSA encryption. OAEP was introduced by Bellare and Rogaway....
(OAEP).
External links
- Staple, an open-source prototype All-or-nothing transform implementation.