Abstract
We describe a block-cipher mode of operation, CMC, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m ≥ 2. When the underlying block cipher is secure in the sense of a strong pseudorandom permutation (PRP), our scheme is secure in the sense of tweakable, strong PRP. Such an object can be used to encipher the sectors of a disk, in-place, offering security as good as can be obtained in this setting. CMC makes a pass of CBC encryption, xors in a mask, and then makes a pass of CBC decryption; no universal hashing, nor any other non-trivial operation beyond the block-cipher calls, is employed. Besides proving the security of CMC we initiate a more general investigation of tweakable enciphering schemes, considering issues like the non-malleability of these objects.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Anderson, R., Biham, E.: Two practical and provably secure block ciphers: BEAR and LION. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 113–120. Springer, Heidelberg (1996), http://www.cs.technion.ac.il/~biham/
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. In: Proceedings of 38th Annual Symposium on Foundations of Computer Science, FOCS 1997 (1997)
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 232–249. Springer, Heidelberg (1998)
Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3), 362–399 (2000), www.cs.ucdavis.edu/~rogaway
Bellare, M., Rogaway, P.: On the construction of variable-input-length ciphers. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 231–244. Springer, Heidelberg (1999), www.cs.ucdavis.edu/~rogaway
Bleichenbacher, D., Desai, A.: A construction of a super-pseudorandom cipher. Manuscript (February 1999)
Crowley, P.: Mercy: A fast large block cipher for disk sector encryption. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 49–63. Springer, Heidelberg (2001), www.ciphergoth.org/crypto/mercy
Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM Journal on Computing 30(2), 391–437 (2000); Earlier version in STOC 1991
Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)
Halevi, S., Rogaway, P.: A tweakable enciphering mode. Manuscript, full version of this paper (May 2003), http://www.cs.ucdavis.edu/~rogaway
Hughes, J.: Chair of the IEEE Security in Storage Working Group. Working group homepage at www.siswg.org , Call for algorithms can be found at www.mailarchive.com/cryptography@wasabisystems.com/msg02102
Joux, A.: Cryptanalysis of the EMD mode of operation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003)
Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search. Journal of Cryptology 14(1), 17–35 (2001); Earlier version in CRYPTO 1996 www.cs.ucdavis.edu/~rogaway
Liskov, M., Rivest, R., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 31. Springer, Heidelberg (2002) www.cs.berkeley.edu/~daw/
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. of Computation 17(2) (April 1988)
Meyer, C., Matyas, S.: Cryptography: A new dimension in computer security. John Wiley and Sons, Chichester (1982)
Naor, M., Reingold, O.: A pseudo-random encryption mode. Manuscript, available from http://www.wisdom.weizmann.ac.il/~naor/
Naor, M., Reingold, O.: On the construction of pseudo-random permutations: Luby-Rackoff revisited. Journal of Cryptology 12(1), 29–66 (1999);(Earlier version in STOC 1997), Available from www.wisdom.weizmann.ac.il/~naor/
P. Rogaway. The EMD mode of operation (a tweaked, wide-blocksize, strong PRP). Cryptology ePrint Archive, Report 2002/148, Early (buggy) version of the CMC algorithm (October 2002), http://eprint.iacr.org/
Schroeppel, R.: The hasty pudding cipher. AES candidate submitted to NIST (1999), http://www.cs.arizona.edu/~rcs/hpc
Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461–480. Springer, Heidelberg (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Halevi, S., Rogaway, P. (2003). A Tweakable Enciphering Mode. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_28
Download citation
DOI: https://doi.org/10.1007/978-3-540-45146-4_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40674-7
Online ISBN: 978-3-540-45146-4
eBook Packages: Springer Book Archive