A Tweakable Enciphering Mode
Abstract
We describe a block-cipher mode of operation, CMC, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m ≥ 2. When the underlying block cipher is secure in the sense of a strong pseudorandom permutation (PRP), our scheme is secure in the sense of a tweakable, strong PRP. Such an object can be used to encipher the sectors of a disk, in-place, offering security as good as can be obtained in this setting. CMC makes a pass of CBC encryption, xors in a mask, and then makes a pass of CBC decryption; no universal hashing, nor any other non-trivial operation beyond the block-cipher calls, is employed. Besides proving the security of CMC we initiate a more general investigation of tweakable enciphering schemes, considering issues like the non-malleability of these objects.
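The following Python block is an added worked example, not code from the paper or its authors. It implements the CMC structure the abstract describes (a CBC-encryption pass, a mask, then a pass with the shape of CBC decryption, i.e. the chaining xor applied after the block-cipher call) together with its inverse. Two assumptions are labelled in the code: a toy 4-round Feistel network built from HMAC-SHA256 stands in for the n = 128-bit block cipher so that the example runs with the standard library alone (it is a permutation but is not a production cipher), and the mask doubling is done in GF(2^128) with the polynomial x^128 + x^7 + x^2 + x + 1, the representation used by OCB and GCM; the paper's exact field representation is not given on this page. The two keys K and K' (data and tweak) match the two-key design noted in the related abstracts below, and a sector index is encoded as the one-block tweak.

```python
"""CMC mode (CBC pass, mask, CBC-decryption-shaped pass) over a stand-in 128-bit PRP.

Added example for illustration; the toy Feistel cipher is NOT a production block
cipher and the GF(2^128) polynomial is an assumption, not taken from the paper.
"""
import hashlib
import hmac

BLOCK = 16  # n = 128 bits; a tweak is one block (e.g. a sector index)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 truncated to the 64-bit half width.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def enc_block(key: bytes, x: bytes) -> bytes:
    """Stand-in E_K: 4-round balanced Feistel network on a 16-byte block (demo only)."""
    l, r = x[:8], x[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def dec_block(key: bytes, y: bytes) -> bytes:
    """Inverse of enc_block (D_K): undo the Feistel rounds in reverse order."""
    l, r = y[:8], y[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def double(x: bytes) -> bytes:
    """Multiply by x in GF(2^128) using x^128 + x^7 + x^2 + x + 1 (assumed; OCB/GCM choice)."""
    v = int.from_bytes(x, "big") << 1
    if v >> 128:
        v ^= (1 << 128) | 0x87
    return v.to_bytes(BLOCK, "big")


def _split(data: bytes) -> list:
    m, rem = divmod(len(data), BLOCK)
    if rem or m < 2:
        raise ValueError("CMC needs a whole number of blocks, m >= 2")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cmc_encrypt(key: bytes, tweak_key: bytes, tweak: bytes, pt: bytes) -> bytes:
    """Encipher m blocks under tweak T with keys K (data) and K' (tweak)."""
    P = _split(pt)
    m = len(P)
    T = enc_block(tweak_key, tweak)            # T' = E_K'(T)
    PPP = [T]                                   # PPP_0 = T'
    for Pi in P:                                # pass 1: CBC encryption
        PPP.append(enc_block(key, _xor(Pi, PPP[-1])))
    M = double(_xor(PPP[1], PPP[m]))            # mask M = 2 * (PPP_1 xor PPP_m)
    CCC = [T] + [_xor(PPP[m + 1 - i], M) for i in range(1, m + 1)]  # reverse order + mask
    # pass 2: CBC-decryption shape (xor after the cipher call), still using E_K
    return b"".join(_xor(enc_block(key, CCC[i]), CCC[i - 1]) for i in range(1, m + 1))


def cmc_decrypt(key: bytes, tweak_key: bytes, tweak: bytes, ct: bytes) -> bytes:
    """Inverse of cmc_encrypt: same structure run backwards with D_K in both passes."""
    C = _split(ct)
    m = len(C)
    T = enc_block(tweak_key, tweak)
    CCC = [T]
    for Ci in C:                                # undo pass 2: CCC_i = D_K(C_i xor CCC_{i-1})
        CCC.append(dec_block(key, _xor(Ci, CCC[-1])))
    M = double(_xor(CCC[1], CCC[m]))            # same mask, recoverable from either side
    PPP = [T] + [_xor(CCC[m + 1 - i], M) for i in range(1, m + 1)]
    # undo pass 1: P_i = D_K(PPP_i) xor PPP_{i-1}
    return b"".join(_xor(dec_block(key, PPP[i]), PPP[i - 1]) for i in range(1, m + 1))


def blocks_differing(a: bytes, b: bytes) -> int:
    """Count 16-byte blocks at which two equal-length strings differ."""
    return sum(a[i:i + BLOCK] != b[i:i + BLOCK] for i in range(0, len(a), BLOCK))


def sector_tweak(index: int) -> bytes:
    """Encode a disk sector number as the one-block tweak (assumed convention)."""
    return index.to_bytes(BLOCK, "big")


if __name__ == "__main__":
    key, tkey = b"K" * 16, b"T" * 16            # constructed demo keys
    sector = bytes(range(64))                   # constructed 4-block sector (m = 4)
    ct = cmc_encrypt(key, tkey, sector_tweak(7), sector)
    assert cmc_decrypt(key, tkey, sector_tweak(7), ct) == sector
    tampered = bytearray(ct)
    tampered[20] ^= 1                           # flip one ciphertext bit in block 2
    print("blocks scrambled by a 1-bit flip:",
          blocks_differing(cmc_decrypt(key, tkey, sector_tweak(7), bytes(tampered)), sector))
```

The tamper check at the end is the property that makes a strong tweakable PRP attractive for in-place sector encryption: because the mask ties the first and last blocks together and both passes chain through every block, flipping a single ciphertext bit changes every plaintext block on decryption, so an attacker who rewrites part of a sector cannot make a controlled change to its contents. Note also that the same mask is recomputable from the ciphertext side, which is what lets decryption mirror encryption with D_K in both passes.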
Related papers
Tweakable Enciphering Schemes From Stream Ciphers With IV
We present the first construction of a tweakable enciphering scheme from a stream cipher supporting an initialization vector. This construction can take advantage of the recent advances in hardware efficient stream ciphers to yield disk encryption systems with a very small hardware footprint. Such systems will be attractive for resource constrained devices.
Tweakable Enciphering Modes for Sector-Level Encryption
We describe block-cipher modes of operation that turn an n-bit block cipher into a tweakable enciphering scheme that acts on sectors of mn bits, where m ≥ 2. When the underlying block cipher is secure in the sense of a strong pseudorandom permutation (PRP) our schemes are secure in the sense of variable-input-length, tweakable, strong PRP. Such an object can be used to encipher the sectors of a ...
A Parallelizable Enciphering Mode
We describe a block-cipher mode of operation, EME, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m ∈ [1..n]. The mode is parallelizable, but as serial-efficient as the non-parallelizable mode CMC [6]. EME can be used to solve the disk-sector encryption problem. The algorithm entails two layers of ECB encryption and a ...
An Efficient SPRP-secure Construction based on Pseudo Random Involution
Here we present a new security notion called pseudo random involution (PRI), which is associated with tweakable involution enciphering schemes (TIES), i.e., schemes in which encryption and decryption are the same algorithm. This new security notion is important for two reasons. Firstly, it is the natural security notion for TIES, which have practical importance. Secondly, we show that there is a gener...
An Inverse-Free Single-Keyed Tweakable Enciphering Scheme
In CRYPTO 2003, Halevi and Rogaway proposed CMC, a tweakable enciphering scheme (TES) based on a blockcipher. It requires two blockcipher keys and it is not inverse-free (i.e., the decryption algorithm uses the inverse (decryption) of the underlying blockcipher). We present here a new inverse-free, single-keyed TES. Our construction is a tweakable strong pseudorandom permutation (tsprp), i.e., ...
Journal: IACR Cryptology ePrint Archive
Volume: 2003
Publication year: 2003