Abstract
We describe a block-cipher mode of operation, EME, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where mε[1..n]. The mode is parallelizable, but as serial-efficient as the non-parallelizable mode CMC [6]. EME can be used to solve the disk-sector encryption problem. The algorithm entails two layers of ECB encryption and a “lightweight mixing” in between. We prove EME secure, in the reduction-based sense of modern cryptography. We motivate some of the design choices in EME by showing that a few simple modifications of this mode are insecure.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R., Biham, E.: Two practical and provably secure block ciphers: BEAR and LION. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 113–120. Springer, Heidelberg (1996), www.cs.technion.ac.il/~biham/
Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3), 362–399, www.cs.ucdavis.edu/~rogaway
Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)
Crowley, P.: Mercy: A fast large block cipher for disk sector encryption. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 49–63. Springer, Heidelberg (2001), www.ciphergoth.org/crypto/mercy
Duplichan, S.: A primitive polynomial search program. Web document (2003), Available at users2.ev1.net/~sduplichan/primitivepolynomials/primivitePolynomials.htm
Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003), Full version available on the ePrint archive, http://eprint.iacr.org/2003/148/
Halevi, S., Rogaway, P.: A parallelizable enciphering mode (2003), Full version available on the ePrint archive, http://eprint.iacr.org/2003/147/
Hughes, J.: Personal communication (2002)
IEEE. Security in Storage Working Group (SISWG) (May 2002), See www.siswg.org and www.mail-archive.com/cryptography_wasabisystems.com/msg02102.html
Joux, A.: Cryptanalysis of the EMD mode of operation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 1–16. Springer, Heidelberg (2003)
Jutla, C.: Encryption modes with almost free message integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001)
Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search. Journal of Cryptology 14(1), 17–35 (2001); Earlier version in McCurley, K.S., Ziegler, C.D. (eds.): Advances in Cryptology 1981 - 1997. LNCS, vol. 1440. Springer, Heidelberg (1999), www.cs.ucdavis.edu/~rogaway
Liskov, M., Rivest, R., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002), www.cs.berkeley.edu/~daw/
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. of Computation 17(2) (April 1988)
Naor, M., Reingold, O.: A pseudo-random encryption mode. Manuscript, available from www.wisdom.weizmann.ac.il/~naor/
Naor, M., Reingold, O.: On the construction of pseudo-random permutations: Luby-Rackoff revisited. Journal of Cryptology 12(1), 29–66 (1999); Earlier version in STOC 1997 (1997), Available from www.wisdom.weizmann.ac.il/~naor/
Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: Eighth ACM Conference on Computer and Communications Security (CCS-8), pp. 196–205. ACM Press, New York (2001)
Schroeppel, R.: The hasty pudding cipher. AES candidate submitted to NIST (1999), www.cs.arizona.edu/~cs/hpc
Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461–480. Springer, Heidelberg (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Halevi, S., Rogaway, P. (2004). A Parallelizable Enciphering Mode. In: Okamoto, T. (eds) Topics in Cryptology – CT-RSA 2004. CT-RSA 2004. Lecture Notes in Computer Science, vol 2964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24660-2_23
Download citation
DOI: https://doi.org/10.1007/978-3-540-24660-2_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20996-6
Online ISBN: 978-3-540-24660-2
eBook Packages: Springer Book Archive