|
In cryptography, an all-or-nothing transform (AONT), also known as an all-or-nothing protocol, is an encryption mode which allows the data to be understood only if all of it is known. AONTs are not encryption, but frequently make use of symmetric ciphers and may be applied before encryption. In exact terms, "an AONT is an unkeyed, invertible, randomized transformation, with the property that it is hard to invert unless all of the output is known." ==Algorithms== The original AONT, the ''package transform'', was described by Ronald L. Rivest in (All-Or-Nothing Encryption and The Package Transform ). Simply put, Rivest proposed encrypting each plaintext block with a random key to form the ''pseudomessage'', then hashing each block and XORing all the hashes together with the random key to generate the last block of the pseudomessage. The blocks are also XOR'd with an incrementing counter to prevent duplicate blocks encrypting identically. This results in a "package" that cannot be partially decoded. The package transform can use a cipher in any mode, creating the package ECB transform, package CBC transform, etc. In 1999 Victor Boyko proposed another AONT, provably secure under the random oracle model.〔 Apparently at about the same time, D. R. Stinson proposed a different implementation of AONT, without any cryptographic assumptions. This implementation is a linear transform, perhaps highlighting some security weakness of the original definition. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「All-or-nothing transform」の詳細全文を読む スポンサード リンク
|