On security properties of all-or-nothing transforms

All-or-nothing transforms have been defined as bijective mappings on all s -tuples over a specified finite alphabet. These mappings are required to satisfy certain “perfect security” conditions specified using entropies of the probability distribution defined on the input s -tuples. Alternatively, purely combinatorial definitions of AONTs have been given, which involve certain kinds of “unbiased arrays”. However, the combinatorial definition makes no reference to probability definitions. In this paper, we examine the security provided by AONTs that satisfy the combinatorial definition. The security of the AONT can depend on the underlying probability distribution of the s -tuples. We show that perfect security is obtained from an AONT if and only if the input s -tuples are equiprobable. However, in the case where the input s -tuples are not equiprobable, we still achieve a weaker security guarantee. We also consider the use of randomized AONTs to provide perfect security for a smaller number of inputs, even when those inputs are not equiprobable.