Paper 2003/147

A Parallelizable Enciphering Mode

Shai Halevi and Phillip Rogaway

Abstract

We describe a block-cipher mode of operation, EME, that turns an $n$-bit block cipher into a tweakable enciphering scheme that acts on strings of $mn$ bits, where $m \in [1..n]$. The mode is parallelizable, but as serial-efficient as the non-parallelizable mode CMC. EME can be used to solve the disk-sector encryption problem. The algorithm entails two layers of ECB encryption and a "lightweight mixing" in between. We prove EME secure, in the reduction-based sense of modern cryptography. We motivate some of the design choices in EME by showing that a few simple modifications of this mode are insecure.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Block-cipher usage, cryptographic standards, disk encryption, modes of operation, provable security, sector-level encryption, symmetric encryption.
Contact author(s)
shaih @ watson ibm com
History
2003-07-28: received
Short URL
https://ia.cr/2003/147
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2003/147,
      author = {Shai Halevi and Phillip Rogaway},
      title = {A Parallelizable Enciphering Mode},
      howpublished = {Cryptology ePrint Archive, Paper 2003/147},
      year = {2003},
      note = {\url{https://eprint.iacr.org/2003/147}},
      url = {https://eprint.iacr.org/2003/147}
}