Cloud security is gaining more and more importance in many applications and services nowadays. One of the important techniques that can be used to strengthen the confidentiality of data stored in the cloud is so-called all-or-nothing encryption. All-or-nothing encryption provides semantic security of data while guaranteeing that the data can be recovered only if all blocks of a ciphertext are available for download by, or known to, a given client. All-or-nothing encryption therefore does not rely solely on the secrecy of the encryption key for the data: in order to acquire any meaningful information about the input plaintext, an adversary must have access to all the data, that is, to all blocks of the ciphertext. All-or-nothing encryption thus ensures a transparent key management process and naturally complements information dispersal techniques that can be used to efficiently store the data in distributed storage such as cloud storage.
Conventional all-or-nothing encryptions are for example disclosed in the non-patent literature of R. Rivest, “All-or-Nothing Encryption and The Package Transform,” In Proceedings of Fast Software Encryption, pages 210-218, 1997, or in the non-patent literature of Victor Boyko, “On the Security Properties of OAEP as an All-or-Nothing Transform,” CRYPTO 1999:503-518. 1998.
Another conventional all-or-nothing encryption is disclosed in the non-patent literature of D. R. Stinson, “Something About All or Nothing (Transforms),” In Designs, Codes and Cryptography, pages 133-138, 2001.
Most of these conventional techniques add an encryption layer after the all-or-nothing transformation of the all-or-nothing encryption. Conventional all-or-nothing encryptions therefore require at least two rounds of encryption, since the all-or-nothing transformation is itself achieved using encryption. This makes these conventional all-or-nothing encryptions inefficient, in particular when dealing with large files.
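The two passes described above, sketched as an added example that is not taken from the cited papers or from this document: Rivest's package transform followed by a separate encryption layer. HMAC-SHA256 stands in for the block cipher, and the function names, the 32-byte block size and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 32                # block and key size in bytes (assumed: SHA-256 output size)
K0 = b"\x00" * BLOCK      # fixed, publicly known key used by the package transform

def prf(key, data):
    # Stand-in for the block cipher E(key, data); HMAC-SHA256 is an assumption.
    return hmac.new(key, data, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr(i):
    return i.to_bytes(BLOCK, "big")

def package(blocks):
    """Pass 1: all-or-nothing transform, s message blocks in, s + 1 blocks out."""
    k_inner = secrets.token_bytes(BLOCK)               # fresh random inner key K'
    out = [xor(m, prf(k_inner, ctr(i))) for i, m in enumerate(blocks, 1)]
    last = k_inner
    for i, c in enumerate(out, 1):
        last = xor(last, prf(K0, xor(c, ctr(i))))      # K' masked by a hash of every block
    return out + [last]

def unpackage(pseudo):
    """Invert pass 1: K' can be rebuilt only from all s + 1 blocks."""
    *body, k_inner = pseudo
    for i, c in enumerate(body, 1):
        k_inner = xor(k_inner, prf(K0, xor(c, ctr(i))))
    return [xor(c, prf(k_inner, ctr(i))) for i, c in enumerate(body, 1)]

def encrypt_layer(key, blocks):
    """Pass 2: conventional encryption layer (XOR keystream, its own inverse).
    The key must be used for one file only."""
    return [xor(b, prf(key, b"enc" + ctr(i))) for i, b in enumerate(blocks)]

def roundtrip_demo():
    plain = [bytes([i]) * BLOCK for i in range(4)]     # constructed sample data
    key = secrets.token_bytes(BLOCK)
    stored = encrypt_layer(key, package(plain))        # every block is processed twice
    ok = unpackage(encrypt_layer(key, stored)) == plain
    damaged = encrypt_layer(key, stored)
    damaged[2] = bytes(BLOCK)                          # one block is unavailable
    leaked = sum(a == b for a, b in zip(unpackage(damaged), plain))
    return ok, leaked                                  # leaked counts recovered blocks
```

Every stored block passes through `prf` once in `package` and again in `encrypt_layer`, which is the doubled cost on large files; with one block missing, the key holder still recovers none of the plaintext blocks.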