Professional Documents
Culture Documents
20
Advantages and Limitations of CTR
efficiency
can do parallel encryptions in advance of need
good for bursty high speed links
random access to encrypted data blocks
provable security (good as other modes)
but must ensure never reuse key/counter
values, otherwise could break (compare: OFB)
Comparison
RQ 23
XTS-AES Mode for Block-Oriented
Storage Devices
Approved as an additional block cipher mode
of operation by NIST in 2010
Mode is also an IEEE Standard, IEEE Std 1619-
2007
Standard describes a method of encryption for data
stored in sector-based devices where the threat
model includes possible access to stored data by
the adversary
Designed to address the requirements for
encrypting stored data (data at rest) that differ
somewhat from those for transmitted data
Tweakable Block Ciphers
XTS-AES mode is based on the concept of a
tweakable block cipher
General structure:
Has three inputs:
A A A
symmet-
plaintext ric key tweak Produces
P T a
K
ciphertext
output
C
Tweak need not be kept secret
Purpose of the key is to provide security
Purpose of the tweak is to provide variability
Tweakable Block Cipher
In essence, the ECB mode is used but for each block the
tweak is changed.
This overcomes the principal security weakness of ECB
i.e. two encryptions of the same block yield the same ciphertext.
XTS-AES Operation on a Block
Key A concatenation of two fields of equal size called Key1 and Key2
j The sequential number of the 128-bit block inside the sector
i The value of the 128-bit tweak. Each sector is assigned a tweak value. The
tweak values are consecutive integers, starting from an arbitrary number.
⍺ j A primitive element of GF(2128) multiplied by itself j times, in GF(2128)
⊕ Bitwise XOR
⊗ Modular multiplication in GF(2128)
XTS-AES Operation on a Sector
A sector is
organized into
128-bit blocks.
Ciphertext
stealing (CTS) is
a technique for
encrypting
plaintext using a
block cipher,
without padding
the message to a
multiple of the
block size, so
the ciphertext is
the same size as
the plaintext. 28
XTS-AES
AES:
Advanced Encryption Standard
XTS:
XEX-based Tweaked-codebook mode with
ciphertext Stealing
XEX:
XOR – Encrypt – XOR
Summary
Modes of Operation
ECB
CBC
CFB
OFB
CTR
XTS