论文信息 - The XTS-AES Disk Encryption Algorithm and the Security of Ciphertext Stealing

The XTS-AES Disk Encryption Algorithm and the Security of Ciphertext Stealing

Abstract This paper describes the importance of the XTS-AES encryption mode of operation and concludes with a new proof for the security of ciphertext stealing as used by XTS-AES. The XTS-AES mode is designed for encrypting data stored on hard disks where there is not additional space for an integrity field. Given this lack of space for an integrity field, XTS-AES builds on the security of AES by protecting the storage device from many dictionary and copy/paste attacks. The operation of the XTS mode of AES is defined in the IEEE 1619-2007 standard [3], and has been adopted by the U.S. National Institute of Standards and Technology (NIST) as an approved mode of operation under FIPS 140-2 [2]. XTS-AES builds on the XEX (Xor-Encrypt-Xor) mode originally proposed by Rogaway [8].

[1] Kazuhiko Minematsu,et al. Comments on XTS-AES , 2008 .

[2] David A. Wagner,et al. Tweakable Block Ciphers , 2002, Journal of Cryptology.

[3] William Stallings. NIST Block Cipher Modes of Operation for Confidentiality , 2010, Cryptologia.

[4] Stephen M. Matyas,et al. Cryptography: A New Dimension in Computer Data Security--A Guide for the Design and Implementation of Secure Systems , 1982 .

[5] Kazuhiko Minematsu,et al. Improved Security Analysis of XEX and LRW Modes , 2006, Selected Areas in Cryptography.

[6] Morris J. Dworkin. SP 800-38C. Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality , 2004 .

[7] Morris J. Dworkin. SP 800-38E. Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices , 2010 .

[8] Morris J. Dworkin,et al. SP 800-38B. Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication , 2005 .

[9] Phillip Rogaway,et al. Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC , 2004, ASIACRYPT.

[10] William Stallings,et al. NIST Block Cipher Modes of Operation for Authentication and Combined Confidentiality and Authentication , 2010, Cryptologia.