Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
On the Security Properties of OAEP as an All-or-Nothing Transform
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
How to Protect DES Against Exhaustive Key Search
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
All-or-Nothing Encryption and the Package Transform
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Security Amplification by Composition: The Case of Doubly-Iterated, Ideal Ciphers
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
On Perfect and Adaptive Security in Exposure-Resilient Cryptography
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
The Security of Chaffing and Winnowing
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Key-Privacy in Public-Key Encryption
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Chaffinch: Confidentiality in the Face of Legal Threats
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
The Random Oracle Model and the Ideal Cipher Model Are Equivalent
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Privacy for Private Key in Signatures
Information Security and Cryptology
The ideal-cipher model, revisited: an uninstantiable blockcipher-based hash function
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
A domain extender for the ideal cipher
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
On the relation between the ideal cipher and the random oracle models
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Anonymous identity-based hash proof system and its applications
ProvSec'12 Proceedings of the 6th international conference on Provable Security
Hi-index | 0.00 |
We investigate the all-or-nothing encryption paradigm which was introduced by Rivest as a new mode of operation for block ciphers. The paradigm involves composing an all-or-nothing transform (AONT) with an ordinary encryption mode. The goal is to have secure encryption modes with the additional property that exhaustive key-search attacks on them are slowed down by a factor equal to the number of blocks in the ciphertext. We give a new notion concerned with the privacy of keys that provably captures this key-search resistance property. We suggest a new characterization of AONTs and establish that the resulting all-or-nothing encryption paradigm yields secure encryption modes that also meet this notion of key privacy. A consequence of our new characterization is that we get more efficient ways of instantiating the all-or-nothing encryption paradigm. We describe a simple block-cipher-based AONT and prove it secure in the Shannon Model of a block cipher. We also give attacks against alternate paradigms that were believed to have the above keysearch resistance property.