All or Nothing at All
We continue a study of unconditionally secure all-or-nothing transforms
(AONT) begun in \cite{St}. An AONT is a bijective mapping that constructs s
outputs from s inputs. We consider the security of t inputs, when s-t outputs
are known. Previous work concerned the case t=1; here we consider the problem
for general t, focussing on the case t=2. We investigate constructions of
binary matrices for which the desired properties hold with the maximum
probability. Upper bounds on these probabilities are obtained via a quadratic
programming approach, while lower bounds can be obtained from combinatorial
constructions based on symmetric BIBDs and cyclotomy. We also report some
results on exhaustive searches and random constructions for small values of s.
Comment: 23 pages
Generalizations of All-or-Nothing Transforms and their Application in Secure Distributed Storage
An all-or-nothing transform is an invertible function that maps s inputs to s outputs such that, in the calculation of the inverse, the absence of only one output makes it impossible for an adversary to obtain any information about any single input. In this thesis, we generalize this structure in several ways motivated by different applications, and for each generalization, we provide some constructions. For a particular generalization, where we consider the security of t input blocks in the absence of t output blocks, namely, t-all-or-nothing transforms, we provide two applications. We also define a closeness measure and study structures that are close to t-all-or-nothing transforms. Other generalizations consider the situations where:
i) t covers a range of values and the structure maintains its t-all-or-nothingness property for all values of t in that range;
ii) the transform provides security for a smaller, yet fixed, number of inputs than the number of absent outputs;
iii) the missing output blocks are only from a fixed subset of the output blocks; and
iv) the transform generates n outputs so that it can still reconstruct the inputs as long as s outputs are available.
In the last case, the absence of n-s+t outputs can protect the security of any t inputs. For each of these transforms, various existence and non-existence results, as well as bounds and equivalence results are presented. We finish with proposing an application of generalization (iv) in secure distributed storage.
On Security Properties of All-or-nothing Transforms
All-or-nothing transforms have been defined as bijective mappings on all
s-tuples over a specified finite alphabet. These mappings are required to
satisfy certain "perfect security" conditions specified using entropies of the
probability distribution defined on the input s-tuples. Alternatively, purely
combinatorial definitions of AONTs have been given, which involve certain kinds
of "unbiased arrays". However, the combinatorial definition makes no reference
to probability definitions.
In this paper, we examine the security provided by AONTs that satisfy the
combinatorial definition. The security of the AONT can depend on the underlying
probability distribution of the s-tuples. We show that perfect security is
obtained from an AONT if and only if the input s-tuples are equiprobable.
However, in the case where the input s-tuples are not equiprobable, we still
achieve a weaker security guarantee. We also consider the use of randomized
AONTs to provide perfect security for a smaller number of inputs, even when
those inputs are not equiprobable.
A Scalable Post-quantum Hash-Based Group Signature
Abstract.
We present a construction for hash-based one-time group signature schemes, and develop a traceable post-quantum multi-time group signature upon it. A group signature scheme allows group members to anonymously sign a message on behalf of the whole group. The signatures are unforgeable and the scheme enables authorized openers to trace the signature back to the original signer when needed. Our construction utilizes three nested layers to build the group signature scheme. The first layer is key management; it deploys a transversal design to assign keys to the group members and the openers, providing the construction with traceability. The second layer utilizes hash pools to build the group public verification key, to connect group members together, and to provide anonymity. The final layer is a post-quantum hash-based signature scheme, that adds unforgeability to our construction. We extend our scheme to multi-time signatures by using Merkle trees, and show that this process keeps the scalability property of Merkle-based signatures, while it supports the group members signing any number of messages.
Keywords: Post Quantum Signatures, Hash-based Signatures, Group Signatures, Transversal Designs, Multi-opener Signature
Rectangular, Range, and Restricted AONTs: Three Generalizations of All-or-Nothing Transforms
All-or-nothing transforms (AONTs) were originally defined by Rivest as bijections from input blocks to output blocks such that no information can be obtained about any input block in the absence of any output block. Numerous generalizations and extensions of all-or-nothing transforms have been discussed in recent years, many of which are motivated by diverse applications in cryptography, information security, secure distributed storage, etc. In particular, -AONTs, in which no information can be obtained about any input blocks in the absence of any output blocks, have received considerable study.
In this paper, we study three generalizations of AONTs that are motivated by applications due to Pham et al. and Oliveira et al. We term these generalizations rectangular, range, and restricted AONTs. Briefly, in a rectangular AONT, the number of outputs is greater than the number of inputs. A range AONT satisfies the -AONT property for a range of consecutive values of . Finally, in a restricted AONT, the unknown outputs are assumed to occur within a specified set of secure output blocks. We study existence and non-existence and provide examples and constructions for these generalizations. We also demonstrate interesting connections with combinatorial structures such as orthogonal arrays, split orthogonal arrays, MDS codes and difference matrices.
Asymmetric All-or-nothing Transforms
In this paper, we initiate a study of asymmetric all-or-nothing transforms (or asymmetric AONTs). A (symmetric) -all-or-nothing transform is a bijective mapping defined on the set of -tuples over a specified finite alphabet. It is required that knowledge of all but outputs leaves any inputs completely undetermined. There have been numerous papers developing the theory of AONTs as well as presenting various applications of AONTs in cryptography and information security.
In this paper, we replace the parameter by two parameters and , where . The requirement is that knowledge of all but outputs leaves any inputs completely undetermined. When , we refer to the AONT as asymmetric.
We give several constructions and bounds for various classes of asymmetric AONTs, especially those with
or . We pay particular attention to linear transforms, where the alphabet is a finite field and the mapping is linear.
Constructions and bounds for codes with restricted overlaps
Non-overlapping codes have been studied for almost 60 years. In such a code,
no proper, non-empty prefix of any codeword is a suffix of any codeword. In
this paper, we study codes in which overlaps of certain specified sizes are
forbidden. We prove some general bounds and we give several constructions in
the case of binary codes. Our techniques also allow us to provide an
alternative, elementary proof of a lower bound on non-overlapping codes due to
Levenshtein in 1964.
Comment: 25 pages. Extra citations, typos corrected and explanations expanded
Some results on the existence of -all-or-nothing transforms over arbitrary alphabets
A -all-or-nothing transform is a bijective mapping defined on -tuples over an alphabet of size , which satisfies the condition that the values of any input co-ordinates are completely undetermined, given only the values of any output co-ordinates. The main question we address in this paper is: for which choices of parameters does a -all-or-nothing transform (AONT) exist? More specifically, if we fix and , we want to determine the maximum integer such that a -AONT exists. We mainly concentrate on the case for arbitrary values of , where we obtain various necessary as well as sufficient conditions for existence of these objects. We consider both linear and general (linear or nonlinear) AONT. We also show some connections between AONT, orthogonal arrays and resilient functions.