Rectangular, range, and restricted AONTs: Three generalizations of all-or-nothing transforms

<p style='text-indent:20px;'>All-or-nothing transforms (AONTs) were originally defined by Rivest [<xref ref-type="bibr" rid="b14">14</xref>] as bijections from <inline-formula><tex-math id="M1">\begin{document}$ s $\end{document}</tex-math></inline-formula> input blocks to <inline-formula><tex-math id="M2">\begin{document}$ s $\end{document}</tex-math></inline-formula> output blocks such that no information can be obtained about any input block in the absence of any output block. Numerous generalizations and extensions of all-or-nothing transforms have been discussed in recent years, many of which are motivated by diverse applications in cryptography, information security, secure distributed storage, etc. In particular, <inline-formula><tex-math id="M3">\begin{document}$ t $\end{document}</tex-math></inline-formula>-AONTs, in which no information can be obtained about any <inline-formula><tex-math id="M4">\begin{document}$ t $\end{document}</tex-math></inline-formula> input blocks in the absence of any <inline-formula><tex-math id="M5">\begin{document}$ t $\end{document}</tex-math></inline-formula> output blocks, have received considerable study.</p><p style='text-indent:20px;'>In this paper, we study three generalizations of AONTs that are motivated by applications due to Pham et al. [<xref ref-type="bibr" rid="b13">13</xref>] and Oliveira et al. [<xref ref-type="bibr" rid="b12">12</xref>]. We term these generalizations rectangular, range, and restricted AONTs. Briefly, in a rectangular AONT, the number of outputs is greater than the number of inputs. A range AONT satisfies the <inline-formula><tex-math id="M6">\begin{document}$ t $\end{document}</tex-math></inline-formula>-AONT property for a range of consecutive values of <inline-formula><tex-math id="M7">\begin{document}$ t $\end{document}</tex-math></inline-formula>. Finally, in a restricted AONT, the unknown outputs are assumed to occur within a specified set of "secure" output blocks. We study existence and non-existence and provide examples and constructions for these generalizations. We also demonstrate interesting connections with combinatorial structures such as orthogonal arrays, split orthogonal arrays, MDS codes and difference matrices.</p>

Generalized Concatenated Codes over Gaussian and Eisenstein Integers for Code-Based Cryptography

The code-based McEliece and Niederreiter cryptosystems are promising candidates for post-quantum public-key encryption. Recently, q-ary concatenated codes over Gaussian integers were proposed for the McEliece cryptosystem, together with the one-Mannheim error channel, where the error values are limited to the Mannheim weight one. Due to the limited error values, the codes over Gaussian integers achieve a higher error correction capability than maximum distance separable (MDS) codes with bounded minimum distance decoding. This higher error correction capability improves the work factor regarding decoding attacks based on information-set decoding. The codes also enable a low complexity decoding algorithm for decoding beyond the guaranteed error correction capability. In this work, we extend this coding scheme to codes over Eisenstein integers. These codes have advantages for the Niederreiter system. Additionally, we propose an improved code construction based on generalized concatenated codes. These codes extend to the rate region, where the work factor is beneficial compared to MDS codes. Moreover, generalized concatenated codes are more robust against structural attacks than ordinary concatenated codes.

On the Existence of XOR-Based Codes for Private Information Retrieval with Private Side Information

We consider the problem of Private Information Retrieval with Private Side Information (PIR-PSI), wherein the privacy of the demand and the side information are jointly preserved. Although the capacity of the PIR-PSI setting is known, we observe that the underlying capacity-achieving code construction uses Maximum Distance Separable (MDS) codes therefore contributing to high computational complexity when retrieving the demand. Pointing at this drawback of MDS-based PIR-PSI codes, we propose XOR-based PIR-PSI codes for a simple yet non-trivial setting of two non-colluding databases and two side information files at the user. Although our codes offer substantial reduction in complexity when compared to MDS-based codes, the code-rate marginally falls short of the capacity of the PIR-PSI setting. Nevertheless, we show that our code-rate is strictly higher than that of XOR-based codes for PIR with no side information. As a result, our codes can be useful when privately downloading a file especially after having downloaded a few other messages privately from the same database at an earlier time-instant.