Abstract
We investigate the all-or-nothing encryption paradigm which was introduced by Rivest as a new mode of operation for block ciphers. The paradigm involves composing an all-or-nothing transform (AONT) with an ordinary encryption mode. The goal is to have secure encryption modes with the additional property that exhaustive key-search attacks on them are slowed down by a factor equal to the number of blocks in the ciphertext. We give a new notion concerned with the privacy of keys that provably captures this key-search resistance property. We suggest a new characterization of AONTs and establish that the resulting all-or-nothing encryption paradigm yields secure encryption modes that also meet this notion of key privacy. A consequence of our new characterization is that we get more efficient ways of instantiating the all-or-nothing encryption paradigm. We describe a simple block-cipher-based AONT and prove it secure in the Shannon Model of a block cipher. We also give attacks against alternate paradigms that were believed to have the above key-search resistance property.
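The following Python sketch is an added illustration and is not part of the paper. It composes Rivest's package transform (the AONT of the FSE '97 paper cited below; the abstract does not specify the paper's own block-cipher-based AONT, so the package transform is used in its place) with CBC mode, then runs the same known-plaintext exhaustive key search against plain CBC and against AONT-then-CBC, counting decryptions under the candidate key. The 4-round Feistel "cipher" built from SHA-256, the 12-bit key space, the fixed public key K0, and the sample plaintext are all constructed for the example and are not secure or standard choices.

```python
"""All-or-nothing encryption: Rivest's package transform followed by CBC.

Shows the key-search-resistance property from the abstract: against plain
CBC a candidate key is checked with one block decryption, but against
AONT-then-CBC every candidate needs all n+1 ciphertext blocks decrypted,
because no plaintext block is recoverable until the transform key K' is.
"""
import hashlib
import os

BLOCK = 16
KEY_BITS = 12                  # toy key space so the search finishes quickly
K0 = b"\x00" * BLOCK           # fixed, public key of the package transform
CALLS = {"enc": 0, "dec": 0}   # block-cipher invocation counters


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _ctr(i):
    return i.to_bytes(BLOCK, "big")


def _round(key, r, half):
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def encipher(key, block):
    """Toy 16-byte PRP: 4-round Feistel with a SHA-256 round function (not a real cipher)."""
    CALLS["enc"] += 1
    L, R = block[:8], block[8:]
    for r in range(4):
        L, R = R, _xor(L, _round(key, r, R))
    return L + R


def decipher(key, block):
    CALLS["dec"] += 1
    L, R = block[:8], block[8:]
    for r in reversed(range(4)):
        L, R = _xor(R, _round(key, r, L)), L
    return L + R


def package_transform(blocks, kp=None):
    """n message blocks -> n+1 pseudo-message blocks; K' is random per message."""
    kp = kp or os.urandom(BLOCK)
    pseudo = [_xor(m, encipher(kp, _ctr(i))) for i, m in enumerate(blocks, 1)]
    last = kp                       # last block = K' XOR h_1 XOR ... XOR h_n
    for i, mp in enumerate(pseudo, 1):
        last = _xor(last, encipher(K0, _xor(mp, _ctr(i))))
    return pseudo + [last]


def package_inverse(pseudo):
    """Recovering K' needs every pseudo-message block; then each m_i follows."""
    body, last = pseudo[:-1], pseudo[-1]
    kp = last
    for i, mp in enumerate(body, 1):
        kp = _xor(kp, encipher(K0, _xor(mp, _ctr(i))))
    return [_xor(mp, encipher(kp, _ctr(i))) for i, mp in enumerate(body, 1)]


def cbc_encrypt(key, blocks, iv=None):
    iv = iv or os.urandom(BLOCK)
    out, prev = [], iv
    for b in blocks:
        prev = encipher(key, _xor(b, prev))
        out.append(prev)
    return iv, out


def cbc_decrypt_block(key, iv, cts, j):
    """CBC lets an attacker decrypt a single block j from C[j-1] and C[j] alone."""
    prev = iv if j == 0 else cts[j - 1]
    return _xor(decipher(key, cts[j]), prev)


def cbc_decrypt(key, iv, cts):
    return [cbc_decrypt_block(key, iv, cts, j) for j in range(len(cts))]


def key_from_index(k):
    return k.to_bytes(BLOCK, "big")


def aon_encrypt(key, blocks):
    return cbc_encrypt(key, package_transform(blocks))


def aon_decrypt(key, iv, cts):
    return package_inverse(cbc_decrypt(key, iv, cts))


def search_plain(iv, cts, known_first_block):
    """Known-plaintext search on plain CBC: one decryption per candidate key."""
    CALLS["dec"] = 0
    for k in range(1 << KEY_BITS):
        if cbc_decrypt_block(key_from_index(k), iv, cts, 0) == known_first_block:
            return k, CALLS["dec"]
    return None, CALLS["dec"]


def search_aon(iv, cts, known_first_block):
    """Same search on AONT-then-CBC: n+1 decryptions per candidate key."""
    CALLS["dec"] = 0
    for k in range(1 << KEY_BITS):
        if aon_decrypt(key_from_index(k), iv, cts)[0] == known_first_block:
            return k, CALLS["dec"]
    return None, CALLS["dec"]


def demo(secret_index=1234, n_blocks=4):
    """Encrypt a constructed 4-block message both ways and compare search cost."""
    key = key_from_index(secret_index)
    msg = [bytes([i]) * BLOCK for i in range(n_blocks)]   # constructed sample plaintext
    iv1, cts1 = cbc_encrypt(key, msg)
    k1, cost1 = search_plain(iv1, cts1, msg[0])
    iv2, cts2 = aon_encrypt(key, msg)
    k2, cost2 = search_aon(iv2, cts2, msg[0])
    assert aon_decrypt(key, iv2, cts2) == msg             # round trip with the real key
    return {"plain": (k1, cost1), "aon": (k2, cost2), "blocks": len(cts2)}


if __name__ == "__main__":
    print(demo())
```

The ratio of the two decryption counts returned by `demo()` equals the number of ciphertext blocks (n+1), which is the slow-down the abstract describes. The inverse transform's own cipher calls use K0 and the recovered K', not the secret key, so they are not counted as key-search work.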
References
W. Aiello, M. Bellare, G. Di Crescenzo and R. Venkatesan, “Security amplification by composition: The case of doubly-iterated, ideal ciphers,” Advances in Cryptology - Crypto '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
M. Bellare, A. Desai, E. Jokipii and P. Rogaway, “A concrete security treatment of symmetric encryption,” Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997.
M. Bellare, J. Kilian and P. Rogaway, “The security of cipher block chaining,” Advances in Cryptology - Crypto '94, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., Springer-Verlag, 1994.
M. Bellare and C. Namprempre, “Authenticated encryption: Relations among notions and analysis of the generic composition paradigm,” Report 2000/025, Cryptology ePrint Archive, http://eprint.iacr.org/, May 2000.
M. Bellare and P. Rogaway, “Random oracles are practical: A paradigm for designing efficient protocols,” Proceedings of the 1st Annual Conference on Computer and Communications Security, ACM, 1993.
M. Bellare and P. Rogaway, “Optimal asymmetric encryption,” Advances in Cryptology - Eurocrypt '94, Lecture Notes in Computer Science Vol. 950, A. De Santis ed., Springer-Verlag, 1994.
M. Bellare and P. Rogaway, “On the construction of variable-input-length ciphers,” Fast Software Encryption '99, Lecture Notes in Computer Science Vol. 1636, L. Knudsen ed., Springer-Verlag, 1999.
M. Bellare and P. Rogaway, “Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography,” Manuscript, December 1998, available from authors.
D. Bleichenbacher and A. Desai, “A construction of super-pseudorandom cipher,” Manuscript, May 1999, available from authors.
V. Boyko, “On the security properties of OAEP as an all-or-nothing transform,” Advances in Cryptology - Crypto '99, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed., Springer-Verlag, 1999.
R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz and A. Sahai, “Exposure-resilient cryptography: Constructions for the all-or-nothing transform without random oracles,” Advances in Cryptology - Eurocrypt 2000, Lecture Notes in Computer Science Vol. 1807, B. Preneel ed., Springer-Verlag, 2000.
A. Desai, “The security of all-or-nothing encryption,” Full version of this paper, available via: http://www-cse.ucsd.edu/users/adesai/.
S. Goldwasser and S. Micali, “Probabilistic encryption,” Journal of Computer and System Sciences, Vol. 28, April 1984, pp. 270–299.
M. Jakobsson, J. Stern and M. Yung, “Scramble all, encrypt small,” Fast Software Encryption '99, Lecture Notes in Computer Science Vol. 1636, L. Knudsen ed., Springer-Verlag, 1999.
D. Johnson, S. Matyas and M. Peyravian, “Encryption of long blocks using a short-block encryption procedure,” Submission to IEEE P1363a, available via: http://grouper.ieee.org/groups/1363/contributions/peyrav.ps, Nov. 1996.
J. Katz and M. Yung, “Unforgeable encryption and adaptively secure modes of operation,” Fast Software Encryption 2000, Lecture Notes in Computer Science Vol. ??, B. Schneier ed., Springer-Verlag, 2000.
J. Kilian and P. Rogaway, “How to protect DES against exhaustive key search,” Advances in Cryptology - Crypto '96, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., Springer-Verlag, 1996.
National Bureau of Standards, NBS FIPS PUB 81, “DES modes of operation,” U.S. Department of Commerce, 1980.
J.-J. Quisquater, Y. Desmedt and M. Davio, “The importance of ‘good’ key scheduling schemes (how to make a secure DES scheme with ≤ 48 bit keys),” Advances in Cryptology - Crypto '85, Lecture Notes in Computer Science Vol. 218, H. Williams ed., Springer-Verlag, 1985.
R. Rivest, “All-or-nothing encryption and the package transform,” Fast Software Encryption '97, Lecture Notes in Computer Science Vol. 1267, E. Biham ed., Springer-Verlag, 1997.
C. Shannon, “Communication theory of secrecy systems,” Bell System Technical Journal, Vol. 28, No. 4, 1949, pp. 656–715.
D. Stinson, “Something about all-or-nothing (transforms),” Manuscript, available from: http://www.cacr.math.uwaterloo.ca/dstinson/, June 1999.
© 2000 Springer-Verlag Berlin Heidelberg
Cite this paper
Desai, A. (2000). The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search. In: Bellare, M. (eds) Advances in Cryptology — CRYPTO 2000. CRYPTO 2000. Lecture Notes in Computer Science, vol 1880. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44598-6_23
DOI: https://doi.org/10.1007/3-540-44598-6_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67907-3
Online ISBN: 978-3-540-44598-2