A Tweakable Enciphering Mode


Authors: Shai Halevi and Phillip Rogaway

Reference: Advances in Cryptology - CRYPTO '03, Lecture Notes in Computer Science, vol. 2729, Springer-Verlag, 2003.

Abstract: We describe a block-cipher mode of operation, CMC, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m>1. When the underlying block cipher is secure in the sense of a strong pseudorandom permutation (PRP), our scheme is secure in the sense of tweakable, strong PRP. Such an object can be used to encipher the sectors of a disk, in-place, offering security as good as can be obtained in this setting. CMC makes a pass of CBC encryption, xors in a mask, and then makes a pass of CBC decryption; no universal hashing, nor any other non-trivial operation beyond the block-cipher calls, is employed. Besides proving the security of CMC we initiate a more general investigation of tweakable enciphering schemes, considering issues like the non-malleability of these objects.

Availability: pdf or ps


Rogaway's home page.