Tweakable Enciphering Modes for Sector-Level Encryption

Authors

  • Shai Halevi
  • Phillip Rogaway
Abstract

We describe block-cipher modes of operation that turn an n-bit block cipher into a tweakable enciphering scheme that acts on sectors of mn bits, where m ≥ 2. When the underlying block cipher is secure in the sense of a strong pseudorandom permutation (PRP), our schemes are secure in the sense of a variable-input-length, tweakable, strong PRP. Such an object can be used to encipher the sectors of a disk, in-place, offering security as good as can be obtained in this setting. Our main scheme, EME, does a pass of masked-ECB encryption, a lightweight mixing step, and then a pass of masked-ECB decryption. This mode is parallelizable. Another variant, CMC, makes a pass of CBC encryption, a lightweight mixing step, and then a pass of CBC decryption. This mode is not parallelizable, but it does slightly less total work than EME.


Related sources

A Parallelizable Enciphering Mode

We describe a block-cipher mode of operation, EME, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m ∈ [1..n]. The mode is parallelizable, but as serial-efficient as the non-parallelizable mode CMC [6]. EME can be used to solve the disk-sector encryption problem. The algorithm entails two layers of ECB encryption and a ...

Tweakable Enciphering Schemes From Stream Ciphers With IV

We present the first construction of a tweakable enciphering scheme from a stream cipher supporting an initialization vector. This construction can take advantage of the recent advances in hardware efficient stream ciphers to yield disk encryption systems with a very small hardware footprint. Such systems will be attractive for resource constrained devices.


Tweakable Enciphering Schemes Using Only the Encryption Function of a Block Cipher

A new construction of block-cipher-based tweakable enciphering schemes (TES) is described. The major improvement over existing TES is that the construction uses only the encryption function of the underlying block cipher. Consequently, this leads to substantial savings in the size of hardware implementations of TES applications such as disk encryption. This improvement is achieved without loss i...

Linux for the Information Smuggler

The most common way to implement full-disk encryption (as opposed to encrypted file systems) in the GNU/Linux operating system is using the encrypted loop device, known as CryptoLoop. We demonstrate clear weaknesses in the current CBC-based implementation of CryptoLoop, perhaps the most surprising being a very simple attack which allows specially watermarked files to be identified on an encrypt...


A Tweakable Enciphering Mode

We describe a block-cipher mode of operation, CMC, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m ≥ 2. When the underlying block cipher is secure in the sense of a strong pseudorandom permutation (PRP), our scheme is secure in the sense of a tweakable, strong PRP. Such an object can be used to encipher the sectors of a dis...

Publication date: 2002