Reference: Advances in Cryptology - CRYPTO '03, Lecture Notes in Computer Science, vol. 2729, Springer-Verlag, 2003.
We describe a block-cipher mode of operation, CMC, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m > 1. When the underlying block cipher is secure in the sense of a strong pseudorandom permutation (PRP), our scheme is secure in the sense of a tweakable, strong PRP. Such an object can be used to encipher the sectors of a disk, in place, offering security as good as can be obtained in this setting. CMC makes a pass of CBC encryption, XORs in a mask, and then makes a pass of CBC decryption; no universal hashing, nor any other non-trivial operation beyond the block-cipher calls, is employed. Besides proving the security of CMC we initiate a more general investigation of tweakable enciphering schemes, considering issues like the non-malleability of these objects.
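The two-pass structure described in the abstract, written out as an added example (this is not code from the paper or from its authors). It follows the paper's PPP/CCC naming: the tweak is enciphered once to seed both chains, pass 1 is CBC encryption, the mask M is 2 * (PPP_1 xor PPP_m) where doubling is multiplication by x in GF(2^128) (the 0x87 reduction constant corresponds to x^128 + x^7 + x^2 + x + 1), the block order is reversed under the mask, and pass 2 has the shape of CBC decryption but is run with E so that D inverts it. Assumptions: a 128-bit block cipher exposing encrypt/decrypt on 16-byte blocks; the ToyBlockCipher (a Feistel network over HMAC-SHA256) is a constructed stand-in so the file runs offline with only the standard library and must be replaced by AES in any real disk encryptor; the key, sector contents and sector numbers in demo() are constructed.

```python
"""CMC mode: CBC-encrypt, XOR in a mask, CBC-"decrypt" (Halevi-Rogaway, CRYPTO 2003).
Added example; the block cipher is pluggable, the toy one below is demo-only."""
import hashlib
import hmac

BLOCK = 16  # n = 128 bits, assumed throughout


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _double(block: bytes) -> bytes:
    """Multiply by x in GF(2^128) mod x^128 + x^7 + x^2 + x + 1: the '2 * (...)' in the mask."""
    v = int.from_bytes(block, "big") << 1
    if v >> 128:
        v ^= 0x87
    return (v & ((1 << 128) - 1)).to_bytes(BLOCK, "big")


class ToyBlockCipher:
    """Stand-in 128-bit PRP: 4-round Feistel with an HMAC-SHA256 round function.
    A Feistel network is a permutation for any round function, so decrypt inverts
    encrypt. Constructed for the demo only; it is not AES and not for production."""
    ROUNDS = 4

    def __init__(self, key: bytes):
        self.key = key  # constructed demo key material

    def _f(self, rnd: int, half: bytes) -> bytes:
        return hmac.new(self.key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

    def encrypt(self, block: bytes) -> bytes:
        l, r = block[:8], block[8:]
        for rnd in range(self.ROUNDS):
            l, r = r, _xor(l, self._f(rnd, r))
        return l + r

    def decrypt(self, block: bytes) -> bytes:
        l, r = block[:8], block[8:]
        for rnd in reversed(range(self.ROUNDS)):
            l, r = _xor(r, self._f(rnd, l)), l
        return l + r


def _split(data: bytes, tweak: bytes) -> list:
    if len(tweak) != BLOCK or len(data) % BLOCK or len(data) < 2 * BLOCK:
        raise ValueError("need a 16-byte tweak and a message of m >= 2 full blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cmc_encrypt(cipher, tweak: bytes, plaintext: bytes) -> bytes:
    P = _split(plaintext, tweak)
    TT = cipher.encrypt(tweak)  # enciphered tweak seeds both chains
    PPP, prev = [], TT          # pass 1, CBC encryption: PPP_i = E(P_i xor PPP_{i-1})
    for p in P:
        prev = cipher.encrypt(_xor(p, prev))
        PPP.append(prev)
    M = _double(_xor(PPP[0], PPP[-1]))        # mask M = 2 * (PPP_1 xor PPP_m)
    CCC = [_xor(x, M) for x in reversed(PPP)]  # CCC_i = PPP_{m+1-i} xor M
    C, prev = [], TT            # pass 2, CBC-decryption shape with E: C_i = E(CCC_i) xor CCC_{i-1}
    for ccc in CCC:
        C.append(_xor(cipher.encrypt(ccc), prev))
        prev = ccc
    return b"".join(C)


def cmc_decrypt(cipher, tweak: bytes, ciphertext: bytes) -> bytes:
    C = _split(ciphertext, tweak)
    TT = cipher.encrypt(tweak)
    CCC, prev = [], TT          # undo pass 2: CCC_i = D(C_i xor CCC_{i-1})
    for c in C:
        prev = cipher.decrypt(_xor(c, prev))
        CCC.append(prev)
    M = _double(_xor(CCC[0], CCC[-1]))        # equals 2 * (PPP_1 xor PPP_m), the masks cancel
    PPP = [_xor(x, M) for x in reversed(CCC)]
    P, prev = [], TT            # undo pass 1: P_i = D(PPP_i) xor PPP_{i-1}
    for ppp in PPP:
        P.append(_xor(cipher.decrypt(ppp), prev))
        prev = ppp
    return b"".join(P)


def demo() -> dict:
    """Encipher a constructed 64-byte 'sector' (m = 4) under its sector number as tweak
    and check the properties a disk encryptor wants from a wide-block, tweakable scheme."""
    cipher = ToyBlockCipher(b"constructed demo key")
    sector = bytes(range(64))                    # constructed sector contents
    tweak = (7).to_bytes(BLOCK, "big")           # sector number 7 as the tweak
    ct = cmc_encrypt(cipher, tweak, sector)
    ct_flipped = cmc_encrypt(cipher, tweak, bytes([sector[0] ^ 1]) + sector[1:])
    ct_other = cmc_encrypt(cipher, (8).to_bytes(BLOCK, "big"), sector)
    blocks = lambda x: [x[i:i + BLOCK] for i in range(0, len(x), BLOCK)]
    return {
        "roundtrip": cmc_decrypt(cipher, tweak, ct) == sector,
        # one flipped plaintext bit changes every ciphertext block (wide-block behaviour)
        "blocks_changed": sum(a != b for a, b in zip(blocks(ct), blocks(ct_flipped))),
        # same contents at another sector number encipher differently (tweak separation)
        "tweak_separates": ct != ct_other,
    }
```

Calling demo() returns a dict in which roundtrip and tweak_separates are True and blocks_changed is 4: a single-bit change in one plaintext block alters all four ciphertext blocks, which is the "as good as can be obtained in this setting" behaviour that narrow-block modes such as plain CBC or XTS do not give, since a block change there affects at most the block itself and its neighbour. The checks illustrate the wide-block and tweak properties; they are not the paper's proof, which holds only when the underlying cipher is a strong PRP.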