On the Information-theoretic Security of Combinatorial All-or-nothing Transforms
All-or-nothing transforms (AONT) were proposed by Rivest as a message preprocessing technique for encrypting data to protect against brute-force attacks, and have numerous applications in cryptography and information security. Later the unconditionally secure AONT and their combinatorial characterization were introduced by Stinson. Informally, a combinatorial AONT is an array with the unbiased requirements and its security properties in general depend on the prior probability distribution on the inputs s-tuples. Recently, it was shown by Esfahani and Stinson that a combinatorial AONT has perfect security provided that all the inputs s-tuples are equiprobable, and has weak security provided that all the inputs s-tuples are with non-zero probability. This paper aims to explore on the gap between perfect security and weak security for combinatorial (t,s,v)-AONTs. Concretely, we consider the typical scenario that all the s inputs take values independently (but not necessarily identically) and quantify the amount of information H(𝒳|𝒴) about any t inputs 𝒳 that is not revealed by any s-t outputs 𝒴. In particular, we establish the general lower and upper bounds on H(𝒳|𝒴) for combinatorial AONTs using information-theoretic techniques, and also show that the derived bounds can be attained in certain cases. Furthermore, the discussions are extended for the security properties of combinatorial asymmetric AONTs.
READ FULL TEXT