All-or-nothing encryption and the package transform
- Ronald L. Rivest
- … show all 1 hide
We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption. This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block. This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext. We give a specific way of implementing all-or-nothing encryption using a “package transform≓ as a pre-processing step to an ordinary encryption mode. A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel. All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacks.
- Ross Anderson and Eli Biham. Two practical and probably secure block ciphers: BEAR and LION. In Dieter Gollman, editor, Fast Software Encryption, pages 114–120. Springer, 1996. (Proceedings Third International Workshop, Feb. 1996, Cambridge, UK).
- Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption—how to encrypt with RSA. In EUROCRYPT94, 1994.
- Eli Biham. Cryptanalysis of multiple modes of operation. 1995. Pre-Proceedings of ASIACRYPT ’94. Submitted to J. Cryptology.
- Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, and Michael Wiener. Minimal key lengths for symmetric ciphers to provide adequate commercial security: A report by an ad hoc group of cryptographers and computer scientists, January 1996. Available at http://www.bsa.org.
- Don Coppersmith, Matthew Franklin, Jacques Patarin, and Michael Reiter. Low-exponent RSA with related messages. Technical Report IBM RC 20318, IBM T.J. Watson Research Lab, December 27, 1995. (To appear in Eurocrypt ’96).
- Hugo Krawczyk. Secret sharing made short. In Douglas R. Stinson, editor, Proc. CRYPTO 93, pages 136–146. Spring-Verlag, 1993.
- Wenbo Mao and Colin Boyd. Classification of cryptographic techniques in authentication protocols. In Proceedings 1994 Workshop on Selected Areas in Cryptography, May 1994. (Kingston, Ontario, Canada).
- J.-J. Quisquater, Yvo Desmedt, and Marc Davio. The importance of “good≓ key scheduling schemes (how to make a secure DES scheme with ≤ 48 bit keys). In H. C. Williams, editor, Proc. CRYPTO 85, pages 537–542. Springer, 1986. Lecture Notes in Computer Science No. 218.
- Bruce Schneier. Applied Cryptography (Second Edition). John Wiley & Sons, 1996.
- C. P. Schnorr and S. Vaudenay. Black box cryptanalysis of hash networks based on multipermutations. In EUROCRYPT94, 1994.
- All-or-nothing encryption and the package transform
- Book Title
- Fast Software Encryption
- Book Subtitle
- 4th International Workshop, FSE’97 Haifa, Israel, January 20–22 1997 Proceedings
- pp 210-218
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- Industry Sectors
- eBook Packages
To view the rest of this content please follow the download PDF link above.