2 research outputs found
On Security Properties of All-or-nothing Transforms
All-or-nothing transforms have been defined as bijective mappings on all
s-tuples over a specified finite alphabet. These mappings are required to
satisfy certain "perfect security" conditions specified using entropies of the
probability distribution defined on the input s-tuples. Alternatively, purely
combinatorial definitions of AONTs have been given, which involve certain kinds
of "unbiased arrays". However, the combinatorial definition makes no reference
to probability definitions.
In this paper, we examine the security provided by AONTs that satisfy the
combinatorial definition. The security of the AONT can depend on the underlying
probability distribution of the s-tuples. We show that perfect security is
obtained from an AONT if and only if the input s-tuples are equiprobable.
However, in the case where the input s-tuples are not equiprobable, we still
achieve a weaker security guarantee. We also consider the use of randomized
AONTs to provide perfect security for a smaller number of inputs, even when
those inputs are not equiprobable
Generalizations of All-or-Nothing Transforms and their Application in Secure Distributed Storage
An all-or-nothing transform is an invertible function that maps s inputs to s outputs such that, in the calculation of the inverse, the absence of only one output makes it impossible for an adversary to obtain any information about any single input. In this thesis, we generalize this structure in several ways motivated by different applications, and for each generalization, we provide some constructions. For a particular generalization, where we consider the security of t input blocks in the absence of t output blocks, namely, t-all-or-nothing transforms, we provide two applications. We also define a closeness measure and study structures that are close to t-all-or-nothing transforms. Other generalizations consider the situations where:
i) t covers a range of values and the structure maintains its t-all-or-nothingness property for all values of t in that range;
ii) the transform provides security for a smaller, yet fixed, number of inputs than the number of absent outputs;
iii) the missing output blocks are only from a fixed subset of the output blocks; and
iv) the transform generates n outputs so that it can still reconstruct the inputs as long as s outputs are available.
In the last case, the absence of n-s+t outputs can protect the security of any t inputs. For each of these transforms, various existence and non-existence results, as well as bounds and equivalence results are presented. We finish with proposing an application of generalization (iv) in secure distributed storage