CWC: A High-Performance Conventional Authenticated Encryption Mode

We introduce CWC, a new block cipher mode of operation for protecting both the privacyand the authenticity of encapsulated data. CWC is currently the only such mode having all fiveof the following properties: provable security, parallelizability, high performance in hardware,high performance in software, and no intellectual property concerns. We believe that havingall five of these properties makes CWC a powerful tool for use in many performance-criticalcryptographic applications. CWC is also the only appropriate solution for some applications;e.g., standardization bodies like the IETF and NIST prefer patent-free modes, and CWC is theonly such mode capable of processing data at 10Gbps in hardware, which will be importantfor future IPsec (and other) network devices. As part of our design, we also introduce a newparallelizable universal hash function optimized for performance in both hardware and software.