| Abstract: | Abstract This paper describes the importance of the XTS-AES encryption mode of operation and concludes with a new proof for the security of ciphertext stealing as used by XTS-AES. The XTS-AES mode is designed for encrypting data stored on hard disks where there is not additional space for an integrity field. Given this lack of space for an integrity field, XTS-AES builds on the security of AES by protecting the storage device from many dictionary and copy/paste attacks. The operation of the XTS mode of AES is defined in the IEEE 1619-2007 standard [3 IEEE Std 1619–2007 . April 18, 2008 . The XTS-AES Tweakable Block Cipher. Institute of Electrical and Electronics Engineers, Inc. [Google Scholar]], and has been adopted by the U.S. National Institute of Standards and Technology (NIST) as an approved mode of operation under FIPS 140-2 [2 Dworkin , M. December 2009 . NIST SP 800-38E, “Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices”. [Google Scholar]]. XTS-AES builds on the XEX (Xor-Encrypt-Xor) mode originally proposed by Rogaway [8 Rogaway , P. 2004 . Efficient Instantiations of Tweakable Block ciphers and Refinements to Modes OCB and PMAC. Advances in Cryptology–Asiacrypt 2004, Lecture Notes in Computer Science, vol. 3329, Springer-Verlag, pp. 16–31. Available at http://www.cs.ucdavis.edu/rogaway/papers/offsets.pdf (Accessed 6 January 2012) . [Google Scholar]]. |
