Abstract
The XCB mode of operation was outlined in 2004 as a contribution to the IEEE Security in Storage effort, but no security analysis was provided. In this paper, we provide a proof of security for XCB, and show that it is a secure tweakable (super) pseudorandom permutation. Our analysis makes several new contributions: it uses an algebraic property of XCB’s internal universal hash function to simplify the proof, and it defines a nonce mode in which XCB can be securely used even when the plaintext is shorter than twice the width of the underlying block cipher. We also show minor modifications that improve the performance of XCB and make it easier to analyze. XCB is interesting because it is highly efficient in both hardware and software, it has no alignment restrictions on input lengths, it can be used in nonce mode, and it uses the internal functions of the Galois/Counter Mode (GCM) of operation, which facilitates design re-use and admits multi-purpose implementations.
© 2007 Springer-Verlag Berlin Heidelberg
McGrew, D.A., Fluhrer, S.R. (2007). The Security of the Extended Codebook (XCB) Mode of Operation. In: Adams, C., Miri, A., Wiener, M. (eds) Selected Areas in Cryptography. SAC 2007. Lecture Notes in Computer Science, vol 4876. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77360-3_20
DOI: https://doi.org/10.1007/978-3-540-77360-3_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77359-7
Online ISBN: 978-3-540-77360-3