Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes

  • Virgil D. Gligor
  • Pompiliu Donescu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2355)


We present the eXtended Ciphertext Block Chaining (XCBC) and the eXtended Electronic Codebook (XECB) encryption schemes or modes of encryption that can detect encrypted-message forgeries with high probability even when used with typical non-cryptographic Manipulation Detection Code (MDC) functions (e.g., bitwise exclusive-or and cyclic redundancy code (CRC) functions). These modes detect encrypted-message forgeries at low cost in performance, power, and implementation, and preserve both message secrecy and integrity in a single pass over the message data. Their performance and security scale directly with those of the underlying block cipher function. We also present the XECB message authentication (XECB-MAC) modes that have all the operational properties of the XOR-MAC modes (e.g., fully parallel and pipelined operation, incremental updates, and out-of-order verification), and have better performance. They are intended for use either stand-alone or with encryption modes that have similar properties (e.g., counter-based XOR encryption). However, the XECB-MAC modes have higher upper bounds on the probability of adversary’s success in producing a forgery than the XOR-MAC modes.


Block Cipher Message Authentication Pseudorandom Function Encryption Mode Extra Block 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, “A Concrete Security Treatment of Symmetric Encryption,” Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997, (394–403). A full version of this paper is available at
  2. 2.
    M. Bellare, R. Guerin, and P. Rogaway, “XOR MACs: New methods for message authentication using finite pseudo-random functions”, Advances in Cryptology-CRYPTO’ 95 (LNCS 963), 15–28, 1995.(Also U.S. Patent No. 5,757,913, May 1998, and U.S. Patent No. 5,673,318, Sept. 1997.)Google Scholar
  3. 3.
    M. Bellare and C. Namprempre, “Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm,” manuscript, May 26, 2000.
  4. 4.
    E. Buonanno, J. Katz and M. Yung, “Incremental Unforgeable Encryption, ” Proc. Fast Software Encryption 2001, M. Matsui (ed.) (to appear in Springer-Verlag, LNCS).Google Scholar
  5. 5.
    C.M. Campbell, “Design and Specification of Cryptographic Capabilities,” in Computer Security and the Data Encryption Standard, (D.K. Brandstad (ed.)) National Bureau of Standards Special Publications 500-27, U.S. Department of Commerce, February 1978, pp. 54–66.Google Scholar
  6. 6.
    Open Software Foundation, “OSF-Distributed Computing Environment (DCE), Remote Procedure Call Mechanisms,” Code Snapshot 3, Release, 1.0, March 17, 1991.Google Scholar
  7. 7.
    V.D. Gligor and B. G. Lindsay, “Object Migration and Authentication,” IEEE-Transactions on Software Engineering, SE-5 Vol. 6, November 1979. (Also IBM-Research Report RJ 2298 (3l04), August 1978.)Google Scholar
  8. 8.
    V.D. Gligor, and P. Donescu, “Integrity-Aware PCBC Schemes,” in Proc. of the 7th Int’l Workshop on Security Protocols, (B. Christianson, B. Crispo, and M. Roe (eds.)), Cambridge, U.K., LNCS 1796, April 2000.Google Scholar
  9. 9.
    R.R. Juneman, S.M. Mathias, and C.H. Meyer, ”Message Authentication with Manipulation Detection Codes,” Proc. of the IEEE Symp. on Security and Privacy, Oakland, CA., April 1983, pp. 33–54.Google Scholar
  10. 10.
    J. Katz and M. Yung, “Complete characterization of security notions for probabilistic private-key encryption,” Proc. of the 32nd Annual Symp. on the Theory of Computing, ACM 2000.Google Scholar
  11. 11.
    J. Katz and M. Yung, “Unforgeable Encryption and Adaptively Secure Modes of Operation,” Proc. Fast Software Encryption 2000, B. Schneir (ed.) (to appear in Springer-Verlag, LNCS).Google Scholar
  12. 12.
    D.E. Knuth, “The Art of Computer Programming-Volume 2: Seminumerical Algorithms,” Addison-Wesley, 1981 (second edition), Chapter 3.Google Scholar
  13. 13.
    J.T. Kohl, “The use of encryption in Kerberos for network authentication”, Advances in Cryptology-CRYPTO’ 89 (LNCS 435), 35–43, 1990.Google Scholar
  14. 14.
    C.S. Jutla, “Encryption Modes with Almost Free Message Integrity,” IBM T.J. Watson Research Center, Yorktown Heights, NY 10598, manuscript, August 1, 2000. Scholar
  15. 15.
    M Luby and C. Rackoff, “How to construct pseudorandom permutations from pseudorandom functions”, SIAM J. Computing, Vol. 17, No. 2, April 1988.Google Scholar
  16. 16.
    A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, 1997.zbMATHGoogle Scholar
  17. 17.
    M. Naor and O. Reingold, “From Unpredictability to Indistinguishability: A Simple Construction of Pseudo-Random Functions from MACs,” Advances in Cryptology-CRYPTO’ 98 (LNCS 1462), 267–282, 1998.CrossRefGoogle Scholar
  18. 18.
    RFC 1510, “The Kerberos network authentication service (V5)”, Internet Request for Comments 1510, J. Kohl and B.C. Neuman, September 1993.Google Scholar
  19. 19.
    P. Rogaway, “The Security of DESX,” RSA Laboratories Cryptobytes, Vol. 2, No. 2, Summer 1996.Google Scholar
  20. 20.
    P. Rogaway, “OCB Mode: Parallelizable Authenticated Encryption”, Preliminary Draft, October 16, 2000, available at
  21. 21.
    P. Rogaway, “PMAC: A Parallelizable Message Authentication Mode,” Preliminary Draft, October 16, 2000, available at
  22. 22.
    S. G. Stubblebine and V. D. Gligor, “On message integrity in cryptographic protocols”, Proceedings of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, 85–104, 1992.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Virgil D. Gligor
    • 1
  • Pompiliu Donescu
    • 1
  1. 1.VDG Inc.Chevy Chase

Personalised recommendations