### Abstract

We consider the question of adaptive security for two related cryptographic primitives: all-or-nothing transforms and exposure-resilient functions. Both are concerned with retaining security when an intruder learns some bits of a string which is supposed to be secret: all-or-nothing transforms (AONT) protect their input even given partial knowledge of the output; exposure-resilient functions (ERF) hide their output even given partial exposure of their input. Both of these primitives can be defined in the perfect, statistical and computational settings and have a variety of applications in cryptography. In this paper, we study how these notions fare against adaptive adversaries, who may choose which positions of a secret string to observe on the fly. In the perfect setting, we prove a new, strong lower bound on the con-structibility of (perfect) AONT. This applies to both standard and adap-tively secure AONT. In particular, to hide an input as short as logn bits, the adversary must see no more than half of the n-bit output. This bound also provides a new impossibility result on the existence of (ramp) secret-sharing schemes [6] and relates to a combinatorial problem of independent interest: finding “balanced” colorings of the hypercube. In the statistical setting, we show that adaptivity adds strictly more power to the adversary. We relate and reduce the construction of adaptive ERF’s to that of almost-perfect resilient functions [19], for which the adversary can actually set some of the input positions and still learn nothing about the output. We give a probabilistic construction of these functions which is essentially optimal and substantially improves on previous constructions of [19, 5]. As a result, we get nearly optimal adaptively secure ERF’s and AONT’s. Finally, extending the statistical construction we obtain optimal computational adaptive ERF’s, “public-value” AONT’s and resilient functions.

Original language | English (US) |
---|---|

Title of host publication | Advances in Cryptology - EUROCRYPT 2001 - International Conference on the Theory and Application of Cryptographic Techniques, Proceedings |

Publisher | Springer Verlag |

Pages | 301-324 |

Number of pages | 24 |

Volume | 2045 |

ISBN (Print) | 3540420703 |

State | Published - 2001 |

Event | International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2001 - Innsbruck, Austria Duration: May 6 2001 → May 10 2001 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 2045 |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2001 |
---|---|

Country | Austria |

City | Innsbruck |

Period | 5/6/01 → 5/10/01 |

### Fingerprint

### ASJC Scopus subject areas

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Advances in Cryptology - EUROCRYPT 2001 - International Conference on the Theory and Application of Cryptographic Techniques, Proceedings*(Vol. 2045, pp. 301-324). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2045). Springer Verlag.

**On perfect and adaptive security in exposure-resilient cryptography.** / Dodis, Yevgeniy; Sahai, Amit; Smith, Adam.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Advances in Cryptology - EUROCRYPT 2001 - International Conference on the Theory and Application of Cryptographic Techniques, Proceedings.*vol. 2045, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2045, Springer Verlag, pp. 301-324, International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2001, Innsbruck, Austria, 5/6/01.

}

TY - GEN

T1 - On perfect and adaptive security in exposure-resilient cryptography

AU - Dodis, Yevgeniy

AU - Sahai, Amit

AU - Smith, Adam

PY - 2001

Y1 - 2001

N2 - We consider the question of adaptive security for two related cryptographic primitives: all-or-nothing transforms and exposure-resilient functions. Both are concerned with retaining security when an intruder learns some bits of a string which is supposed to be secret: all-or-nothing transforms (AONT) protect their input even given partial knowledge of the output; exposure-resilient functions (ERF) hide their output even given partial exposure of their input. Both of these primitives can be defined in the perfect, statistical and computational settings and have a variety of applications in cryptography. In this paper, we study how these notions fare against adaptive adversaries, who may choose which positions of a secret string to observe on the fly. In the perfect setting, we prove a new, strong lower bound on the con-structibility of (perfect) AONT. This applies to both standard and adap-tively secure AONT. In particular, to hide an input as short as logn bits, the adversary must see no more than half of the n-bit output. This bound also provides a new impossibility result on the existence of (ramp) secret-sharing schemes [6] and relates to a combinatorial problem of independent interest: finding “balanced” colorings of the hypercube. In the statistical setting, we show that adaptivity adds strictly more power to the adversary. We relate and reduce the construction of adaptive ERF’s to that of almost-perfect resilient functions [19], for which the adversary can actually set some of the input positions and still learn nothing about the output. We give a probabilistic construction of these functions which is essentially optimal and substantially improves on previous constructions of [19, 5]. As a result, we get nearly optimal adaptively secure ERF’s and AONT’s. Finally, extending the statistical construction we obtain optimal computational adaptive ERF’s, “public-value” AONT’s and resilient functions.

AB - We consider the question of adaptive security for two related cryptographic primitives: all-or-nothing transforms and exposure-resilient functions. Both are concerned with retaining security when an intruder learns some bits of a string which is supposed to be secret: all-or-nothing transforms (AONT) protect their input even given partial knowledge of the output; exposure-resilient functions (ERF) hide their output even given partial exposure of their input. Both of these primitives can be defined in the perfect, statistical and computational settings and have a variety of applications in cryptography. In this paper, we study how these notions fare against adaptive adversaries, who may choose which positions of a secret string to observe on the fly. In the perfect setting, we prove a new, strong lower bound on the con-structibility of (perfect) AONT. This applies to both standard and adap-tively secure AONT. In particular, to hide an input as short as logn bits, the adversary must see no more than half of the n-bit output. This bound also provides a new impossibility result on the existence of (ramp) secret-sharing schemes [6] and relates to a combinatorial problem of independent interest: finding “balanced” colorings of the hypercube. In the statistical setting, we show that adaptivity adds strictly more power to the adversary. We relate and reduce the construction of adaptive ERF’s to that of almost-perfect resilient functions [19], for which the adversary can actually set some of the input positions and still learn nothing about the output. We give a probabilistic construction of these functions which is essentially optimal and substantially improves on previous constructions of [19, 5]. As a result, we get nearly optimal adaptively secure ERF’s and AONT’s. Finally, extending the statistical construction we obtain optimal computational adaptive ERF’s, “public-value” AONT’s and resilient functions.

UR - http://www.scopus.com/inward/record.url?scp=84945116168&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84945116168&partnerID=8YFLogxK

M3 - Conference contribution

SN - 3540420703

VL - 2045

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 301

EP - 324

BT - Advances in Cryptology - EUROCRYPT 2001 - International Conference on the Theory and Application of Cryptographic Techniques, Proceedings

PB - Springer Verlag

ER -