Abstract
We study the problem of partial key exposure. Standard cryptographic definitions and constructions do not guarantee any security even if a tiny fraction of the secret key is compromised. We show how to build cryptographic primitives that remain secure even when an adversary is able to learn almost all of the secret key.
The key to our approach is a new primitive of independent interest, which we call an Exposure-Resilient Function (ERF) — a deterministic function whose output appears random (in a perfect, statistical or computational sense) even if almost all the bits of the input are known. ERF’s by themselves efficiently solve the partial key exposure problem in the setting where the secret is simply a random value, like in privatekey cryptography. They can also be viewed as very secure pseudorandom generators, and have many other applications.
To solve the general partial key exposure problem, we use the (generalized) notion of an All-Or-Nothing Transform (AONT), an invertible (randomized) transformation T which, nevertheless, reveals “no information” about x even if almost all the bits of T(x) are known. By applying an AONT to the secret key of any cryptographic system, we obtain security against partial key exposure. To date, the only known security analyses of AONT candidates were made in the random oracle model.
We show how to construct ERF’s and AONT’s with nearly optimal parameters. Our computational constructions are based on any one-way function. We also provide several applications and additional properties concerning these notions.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Bellare, S. Miner. A Forward-Secure Digital Signature Scheme. In Proc. of Crypto, pp. 431–448, 1999.
M. Bellare, P. Rogaway. Optimal Asymetric Encryption. In Proc. of EuroCrypt, pp. 92–111, 1995.
G. Blackley. Safeguarding Cryptographic Keys. In Proc. of AFIPS 1979 National Computer Conference, 1979.
V. Boyko. On the Security Properties of the OAEP as an All-or-Nothing Transform. In Proc. of Crypto, pp. 503–518, 1999.
R. Canetti, O. Goldreich and S. Halevi. The Random-Oracle Model, Revisited. In Proc. of STOC, pp. 209–218, 1998.
B. Chor, J. Friedman, O. Goldreich, J. Hastad, S. Rudich, R. Smolensky. The Bit Extraction Problem or t-resilient Functions. In Proc. of FOCS, pp. 396–407, 1985.
W. Diffie, P. van Oorschot and M. Wiener. Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 2:107–125, 1992.
A. Dornan. New Viruses Search For Strong Encryption Keys. In PlanetIT Systems Management News, March, 1999, http://www.planetit.com/techcenters/docs/systems_management/news/PIT19990317S0015.
O. Goldreich. Foundations of Cryptography (Fragments of a Book). Available at http://www.wisdom.weizmann.ac.il/home/oded/public_html/frag.html
O. Goldreich. A Note on Computational Indistinguishability. In IPL, 34:277–281, 1990.
O. Goldreich, S. Goldwasser and S. Micali. How to construct random functions. Journal of the ACM, 33(4):210–217, 1986.
J. Hastad, R. Impagliazzo, L. Levin, M. Luby. A Pseudorandom generator from any one-way function. In Proc. of STOC, 1989.
R. Impagliazzo, L. Levin, M. Luby. Pseudorandom Generation from one-way functions. In Proc. of STOC, pp. 12–24, 1989.
M. Jakobsson, J. Stern, M. Yung. Scramble All, Encrypt Small. In Proc. of Fast Software Encryption, pp. 95–111, 1999.
H. Krawczyk. Secret Sharing Made Short. In Proc. of Crypto, pp. 136–146, 1993.
F. MacWilliams, J. Sloane. Theory of Error-Correcting Codes, Amsterdam, 1981.
J. Naor, M. Naor. Small-Bias Probability Spaces: Efficient Constructions and Applications. In SIAM J. Computing, 22(4):838–856, 1993.
R. Raz, O. Reingold, S. Vadhan. Error Reduction for Extractors. In Proc. of FOCS, pp. 191–201, 1999.
R. Rivest. All-or-Nothing Encryption and the Package Transform. In Fast Software Encryption, LNCS, 1267:210–218, 1997.
A. Shamir. How to share a secret. In Communic. of the ACM, 22:612–613, 1979.
A. Shamir, N. van Someren. Playing “hide and seek” with stored keys. In Proc. of Financial Cryptography, 1999.
S._U. Shin, K. H. Rhee. Hash functions and the MAC using all-or-nothing property. In Proc. of Public Key Cryptography, LNCS, 1560:263–275, 1999.
N. van Someren. How not to authenticate code. Crypto’98 Rump Session, Santa Barbara, 1998.
A. Srinivasan, D. Zuckerman. Computing with Very Weak Random Sources. In Proc. of FOCS, pp. 264–275, 1994.
D. Stinson. Something About All or Nothing (Transforms). Available from http://cacr.math.uwaterloo.ca/~dstinson/papers/AON.ps, 1999.
L. Trevisan. Construction of Extractors Using PseudoRandom Generators. In Proc. of STOC, pp. 141–148, 1999.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Canetti, R., Dodis, Y., Halevi, S., Kushilevitz, E., Sahai, A. (2000). Exposure-Resilient Functions and All-or-Nothing Transforms. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_33
Download citation
DOI: https://doi.org/10.1007/3-540-45539-6_33
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67517-4
Online ISBN: 978-3-540-45539-4
eBook Packages: Springer Book Archive