TY - GEN
T1 - On the Security Properties of Combinatorial All-or-nothing Transforms
AU - Gu, Yujie
AU - Akao, Sonata
AU - Esfahani, Navid Nasr
AU - Miao, Ying
AU - Sakurai, Kouichi
N1 - Funding Information:
Y. Gu, S. Akao and K. Sakurai are with the Graduate School and Faculty of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan. (e-mails: gu@inf.kyushu-u.ac.jp, akao.sonata.598@s.kyushu-u.ac.jp, sakurai@inf.kyushu-u.ac.jp) N. Esfahani is with the David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, Ontario, N2L 3G1, Canada. (e-mail: nnas-resf@uwaterloo.ca) Y. Miao is with the Faculty of Engineering, Information and Systems, University of Tsukuba, Tsukuba, Ibaraki 305-8573, Japan. (e-mail: miao@sk.tsukuba.ac.jp) This work has been supported by JSPS Grant-in-Aid for Early-Career Scientists 21K13830 and JSPS Grant-in-Aid for Scientific Research (B) 18H01133.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - All-or-nothing transforms (AONT) were proposed by Rivest as a message preprocessing technique for encrypting data to protect against brute-force attacks, and have many applications in cryptography and information security. Later the unconditionally secure AONT and their combinatorial characterization were introduced by Stinson. Informally, a combinatorial AONT is an array with the unbiased requirements and its security properties in general depend on the prior probability distribution on the inputs s-tuples. Recently, it was shown by Esfahani and Stinson that a combinatorial AONT has perfect security provided that all the inputs s-tuples are equiprobable, and has weak security provided that all the inputs s-tuples are with non-zero probability. This paper aims to explore on the gap between perfect security and weak security for combinatorial (t, s, v)-AONTs. Concretely, we consider the typical scenario that all the s inputs take values independently (but not necessarily identically) and quantify the amount of information H(X|Y) about any t inputs X that is not revealed by any s-t outputs Y. In particular, we establish the general lower and upper bounds on H(X|Y) for combinatorial AONTs using information-theoretic techniques, and also show that the derived bounds can be attained in certain cases.
AB - All-or-nothing transforms (AONT) were proposed by Rivest as a message preprocessing technique for encrypting data to protect against brute-force attacks, and have many applications in cryptography and information security. Later the unconditionally secure AONT and their combinatorial characterization were introduced by Stinson. Informally, a combinatorial AONT is an array with the unbiased requirements and its security properties in general depend on the prior probability distribution on the inputs s-tuples. Recently, it was shown by Esfahani and Stinson that a combinatorial AONT has perfect security provided that all the inputs s-tuples are equiprobable, and has weak security provided that all the inputs s-tuples are with non-zero probability. This paper aims to explore on the gap between perfect security and weak security for combinatorial (t, s, v)-AONTs. Concretely, we consider the typical scenario that all the s inputs take values independently (but not necessarily identically) and quantify the amount of information H(X|Y) about any t inputs X that is not revealed by any s-t outputs Y. In particular, we establish the general lower and upper bounds on H(X|Y) for combinatorial AONTs using information-theoretic techniques, and also show that the derived bounds can be attained in certain cases.
UR - http://www.scopus.com/inward/record.url?scp=85136258843&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136258843&partnerID=8YFLogxK
U2 - 10.1109/ISIT50566.2022.9834366
DO - 10.1109/ISIT50566.2022.9834366
M3 - Conference contribution
AN - SCOPUS:85136258843
T3 - IEEE International Symposium on Information Theory - Proceedings
SP - 1447
EP - 1452
BT - 2022 IEEE International Symposium on Information Theory, ISIT 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE International Symposium on Information Theory, ISIT 2022
Y2 - 26 June 2022 through 1 July 2022
ER -