This paper takes a closer look at Rivest's chaffing-and-winnowing paradigm for data privacy. We begin with a definition which enables one to clearly determine whether a given scheme qualifies as ``chaffing-and-winnowing.'' We then analyze Rivest's schemes to see what quality of data privacy they provide. His bit-by-bit scheme is easily proven secure but is inefficient. His more efficient scheme --based on all-or-nothing transforms (AONTs)-- can be attacked under Rivest's definition of security of an AONT, and even under stronger notions does not appear provable. However we show that by using OAEP as the AONT one can prove security, and also present a different scheme, still using AONTs, that is equally efficient and easily proven secure even under a relatively weak notion of security of AONTs.
展开▼
