Abstract
We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption. This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block. This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext. We give a specific way of implementing all-or-nothing encryption using a “package transform≓ as a pre-processing step to an ordinary encryption mode. A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel. All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacks.
Chapter PDF
References
Ross Anderson and Eli Biham. Two practical and probably secure block ciphers: BEAR and LION. In Dieter Gollman, editor, Fast Software Encryption, pages 114–120. Springer, 1996. (Proceedings Third International Workshop, Feb. 1996, Cambridge, UK).
Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption—how to encrypt with RSA. In EUROCRYPT94, 1994.
Eli Biham. Cryptanalysis of multiple modes of operation. 1995. Pre-Proceedings of ASIACRYPT ’94. Submitted to J. Cryptology.
Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, and Michael Wiener. Minimal key lengths for symmetric ciphers to provide adequate commercial security: A report by an ad hoc group of cryptographers and computer scientists, January 1996. Available at http://www.bsa.org.
Don Coppersmith, Matthew Franklin, Jacques Patarin, and Michael Reiter. Low-exponent RSA with related messages. Technical Report IBM RC 20318, IBM T.J. Watson Research Lab, December 27, 1995. (To appear in Eurocrypt ’96).
Hugo Krawczyk. Secret sharing made short. In Douglas R. Stinson, editor, Proc. CRYPTO 93, pages 136–146. Spring-Verlag, 1993.
Wenbo Mao and Colin Boyd. Classification of cryptographic techniques in authentication protocols. In Proceedings 1994 Workshop on Selected Areas in Cryptography, May 1994. (Kingston, Ontario, Canada).
J.-J. Quisquater, Yvo Desmedt, and Marc Davio. The importance of “good≓ key scheduling schemes (how to make a secure DES scheme with ≤ 48 bit keys). In H. C. Williams, editor, Proc. CRYPTO 85, pages 537–542. Springer, 1986. Lecture Notes in Computer Science No. 218.
Bruce Schneier. Applied Cryptography (Second Edition). John Wiley & Sons, 1996.
C. P. Schnorr and S. Vaudenay. Black box cryptanalysis of hash networks based on multipermutations. In EUROCRYPT94, 1994.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1997 Springer-Verlag
About this paper
Cite this paper
Rivest, R.L. (1997). All-or-nothing encryption and the package transform. In: Biham, E. (eds) Fast Software Encryption. FSE 1997. Lecture Notes in Computer Science, vol 1267. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0052348
Download citation
DOI: https://doi.org/10.1007/BFb0052348
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63247-4
Online ISBN: 978-3-540-69243-0
eBook Packages: Springer Book Archive