On Security Properties of All-or-nothing Transforms

TL;DR

This paper investigates the security properties of all-or-nothing transforms (AONTs), showing that perfect security requires equiprobable inputs and exploring randomized AONTs for enhanced security with non-uniform distributions.

Contribution

It establishes the link between combinatorial and probabilistic security definitions of AONTs and introduces randomized AONTs for improved security with non-uniform inputs.

Findings

Perfect security requires equiprobable input s-tuples.

Weaker security guarantees are possible with non-equiprobable inputs.

Randomized AONTs can achieve perfect security for fewer inputs.

Abstract

All-or-nothing transforms have been defined as bijective mappings on all s-tuples over a specified finite alphabet. These mappings are required to satisfy certain "perfect security" conditions specified using entropies of the probability distribution defined on the input s-tuples. Alternatively, purely combinatorial definitions of AONTs have been given, which involve certain kinds of "unbiased arrays". However, the combinatorial definition makes no reference to probability definitions. In this paper, we examine the security provided by AONTs that satisfy the combinatorial definition. The security of the AONT can depend on the underlying probability distribution of the s-tuples. We show that perfect security is obtained from an AONT if and only if the input s-tuples are equiprobable. However, in the case where the input s-tuples are not equiprobable, we still achieve a weaker security guarantee. We also consider the use of randomized AONTs to provide perfect security for a smaller number of inputs, even when those inputs are not equiprobable.