All-or-Nothing Encryption and the Package Transform
Ronald L. Rivest
- pp 210-218
Reads0
Chats0
TLDR
This work presents a new mode of encryption for block ciphers that has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block, which means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext.Abstract:
We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext We give a specific way of implementing all-or-nothing encryption using a “package transform≓ as a pre-processing step to an ordinary encryption mode A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacksread more
Citations
More filters
Book ChapterDOI
Revocation and Tracing Schemes for Stateless Receivers
TL;DR: In this paper, the Subset-Cover framework is proposed for the stateless receiver case, where the users do not (necessarily) update their state from session to session, and sufficient conditions that guarantee the security of a revocation algorithm in this class are provided.
Patent
Secure data parser method and system
TL;DR: A secure data parser as discussed by the authors parses data and then splits the data into multiple portions that are stored or communicated distinctly, which can be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
Book ChapterDOI
Traitor Tracing with Constant Transmission Rate
Aggelos Kiayias,Moti Yung +1 more
TL;DR: The first public-key traitor tracing scheme with constant transmission rate was proposed by Naccac, Shamir, and Stern as mentioned in this paper, which achieves the same expansion efficiency as regular ElGamal encryption.
Journal Article
Traitor Tracing with constant transmission rate
Aggelos Kiayias,Moti Yung +1 more
TL;DR: This work presents a general methodology and two protocol constructions that result in the first two public-key traitor tracing schemes with constant transmission rate in settings where plaintexts can be calibrated to be sufficientlylarge.
Book ChapterDOI
Key-Insulated Public Key Cryptosystems
TL;DR: The notion of key-insulated public-key encryption was introduced in this article, where the secret key(s) stored on the insecure device are refreshed at discrete time periods via interaction with a physically-secure -but computationally limited -device which stores a "master key".
References
More filters
Book ChapterDOI
Optimal asymmetric encryption
Mihir Bellare,Phillip Rogaway +1 more
TL;DR: A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she “knows” the corresponding plaintexts—such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.
Proceedings Article
Optimal Asymmetric Encryption-How to Encrypt with RSA
TL;DR: A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which the adversary knows the corresponding plaintexts, and is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.
Book ChapterDOI
Secret sharing made short
TL;DR: An m-threshold scheme is presented, where m shares recover the secret but m - 1 shares give no (computational) information on the secret, in which shares corresponding to a secret S are of size |S|/m plus a short piece of information whose length does not depend on thesecret size but just in the security parameter.
ReportDOI
Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists
TL;DR: This work assesses the strength required of the symmetric cryptographic systems for encrypting data and public key or asymmetric systems for managing the keys used by symmetric systems.
Book ChapterDOI
Low-exponent RSA with related messages
TL;DR: A new class of attacks against RSA with low encrypting exponent is presented, enabling the recovery of plaintext messages from their ciphertexts and a known polynomial relationship among the messages, provided that the cipher Texts were created using the same RSA public key with low encryption exponent.