This paper studies All-or-Nothing Transforms (AONTs), which have been proposed by Rivest as a mode of operation for block ciphers. An AONT is an unkeyed, invertible, randomized transformation, with the property that it is hard to invert unless all of the output is known. Applications of AONTs include improving the security and speed of encryption. We give several formal definitions of security for AONTs that are stronger and more suited to practical applications than the original definitions. We then prove that Optimal Asymmetric Encryption Padding (OAEP) satisfies these definitions (in the random oracle model). This is the first construction of an AONT that has been proven secure in the strong sense. Our bound on the adversary's advantage is nearly optimal, in the sense that no adversary can do substantially better against the OAEP than by exhaustive search. We also show that no AONT can achieve substantially better security than OAEP.
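The OAEP-style transform described in the abstract can be sketched as follows. This is an added example, not code from the paper. It assumes SHAKE-256 with domain-separation labels as a stand-in for the random oracles G and H; the 16-byte seed length and all function names are also assumptions.

```python
import hashlib
import secrets
from typing import Optional

K = 16  # length of the random seed r in bytes (assumed parameter)

def oracle(label: bytes, data: bytes, n: int) -> bytes:
    # SHAKE-256 with a domain-separation label stands in for a random oracle.
    return hashlib.shake_256(label + b"|" + data).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def aont_transform(x: bytes, r: Optional[bytes] = None) -> bytes:
    # Unkeyed and randomized: s = x XOR G(r), t = r XOR H(s), output s || t.
    r = secrets.token_bytes(K) if r is None else r
    if len(r) != K:
        raise ValueError("seed must be K bytes")
    s = xor(x, oracle(b"G", r, len(x)))
    t = xor(r, oracle(b"H", s, K))
    return s + t

def aont_invert(y: bytes) -> bytes:
    # Needs all of y: r = t XOR H(s) depends on every bit of s.
    if len(y) < K:
        raise ValueError("input shorter than the seed block")
    s, t = y[:-K], y[-K:]
    r = xor(t, oracle(b"H", s, K))
    return xor(s, oracle(b"G", r, len(s)))

def matching_bytes_after_wrong_guess(x: bytes, r: bytes, bit: int) -> int:
    # Invert with one output bit guessed wrongly; count bytes of x recovered.
    y = bytearray(aont_transform(x, r))
    y[bit // 8] ^= 1 << (bit % 8)
    return sum(a == b for a, b in zip(aont_invert(bytes(y)), x))

if __name__ == "__main__":
    msg = bytes(range(64))  # constructed sample input
    out = aont_transform(msg)
    print("round trip ok:", aont_invert(out) == msg)
    print("bytes recovered with one wrong bit:",
          matching_bytes_after_wrong_guess(msg, bytes(K), 0), "of", len(msg))
```

The transform is unkeyed, so it gives no confidentiality by itself; the applications the abstract mentions combine it with encryption of the output.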