Paper 2000/010

The Security of Chaffing and Winnowing

Mihir Bellare and Alexandra Boldyreva

Abstract

This paper takes a closer look at Rivest's chaffing-and-winnowing paradigm for data privacy. We begin with a \textit{definition} which enables one to determine clearly whether a given scheme qualifies as ``chaffing-and-winnowing.'' We then analyze Rivest's schemes to see what quality of data privacy they provide. His simplest scheme is easily proven secure but is ineffient. The security of his more efficient scheme ---based on all-or-nothing transforms (AONTs)--- is however more problematic. It can be attacked under Rivest's definition of security of an AONT, and even under stronger notions does not appear provable. We show however that by using a OAEP as the AONT one can prove security. We also present a different scheme, still using AONTs, that is equally efficient and easily proven secure even under the original weak notion of security of AONTs.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Message authenticationsymmetric
Contact author(s)
mihir @ cs ucsd edu
History
2000-04-06: received
Short URL
https://ia.cr/2000/010
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2000/010,
      author = {Mihir Bellare and Alexandra Boldyreva},
      title = {The Security of Chaffing and Winnowing},
      howpublished = {Cryptology ePrint Archive, Paper 2000/010},
      year = {2000},
      note = {\url{https://eprint.iacr.org/2000/010}},
      url = {https://eprint.iacr.org/2000/010}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.