# Another look at XCB

@article{Chakraborty2015AnotherLA, title={Another look at XCB}, author={Debrup Chakraborty and Vicente Hernandez-Jimenez and Palash Sarkar}, journal={Cryptography and Communications}, year={2015}, volume={7}, pages={439-468} }

XCB is a tweakable enciphering scheme (TES) which was first proposed in 2004. The scheme was modified in 2007. We call these two versions of XCB as XCBv1 and XCBv2 respectively. XCBv2 was later proposed as a standard for encryption of sector oriented storage media in IEEE-std 1619.2 2010. There is no known proof of security for XCBv1 but the authors provided a concrete security bound for XCBv2 and a “proof” justifying the bound. In this paper we show that XCBv2 is not secure as a TES by showing…

## 11 Citations

Security of XCB and HCTR

- Computer Science, Mathematics
- 2018

The XCB (MXCB) scheme is modi ed such that it gives better security bound compared to the present XCB scheme and some weak keys attack on XCB and a type of TES known as HCTR is analysed.

Disk encryption: do we need to preserve length?

- Computer Science, MathematicsJournal of Cryptographic Engineering
- 2016

The possibility of the use of encryption schemes where length expansion is produced for the purpose of disk encryption is analyzed and it is demonstrated that deterministic authenticated encryption (DAE) schemes may have more advantages than disadvantages compared to a TES when used for disk encryption.

FAST: Disk Encryption and Beyond

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

The implementation results show that FAST compares very favourably to the IEEE disk encryption standards XCB and EME2 as well as the more recent proposal AEZ, putting FAST as a serious candidate for standardisation and deployment.

Designing Tweakable Enciphering Schemes Using Public

- Computer Science, Mathematics
- 2021

A generic construction of a tweakable enciphering scheme which uses a public random permutation, a length expanding public permutation based PRF and a hash function which is both almost xor 19 universal and almost regular.

Designing Tweakable Enciphering Schemes Using Public Permutations

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

A generic construction of a tweakable enciphering scheme which uses a public random permutation, a length expanding public permutation based PRF and a hash function which is both almost xor universal and almost regular.

The design and analysis of symmetric cryptosystems

- Computer Science, Mathematics
- 2015

A general forgery attack against the related message authentication schemes is described, as well as providing a common description of all known attacks against such schemes, and greatly expanding the number of known weak keys.

A Note on the CLRW2 Tweakable Block Cipher Construction

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2014

The issue is resolved, a new bound is given for the security of CLRW2, and a potential limitation of this proof technique is identified when looking to extend the scheme to provide asymptotic security.

Weak-Key and Related-Key Analysis of Hash-Counter-Hash Tweakable Enciphering Schemes

- Computer Science, MathematicsACISP
- 2015

It is pointed out that XCB, HCTR and HCH (and two variations of HCH) can not resist distinguishing attack, key-recovery attack and plaintext-reCOvery attack once the weak key is recognized and can resist related-key attack under the assumption that the underlying block cipher resists related- key attack.

${\sf {FAST}}$: Disk encryption and beyond

- Computer Science, MathematicsAdv. Math. Commun.
- 2022

This work introduces ${\sf {FAST}}$ which is a new family of tweakable enciphering schemes which uses a single-block key, is parallelisable and can be instantiated using only the encryption function of a block cipher.

Critical perspectives on provable security: Fifteen years of "another look" papers

- Mathematics, Computer ScienceAdv. Math. Commun.
- 2019

An overview of the critiques of "proofs" of security and a guide to the papers on the subject that have appeared over the past decade and a half are given.

## References

SHOWING 1-10 OF 25 REFERENCES

The Security of the Extended Codebook (XCB) Mode of Operation

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2007

This paper provides a proof of security for XCB, and shows that it is a secure tweakable (super) pseudorandom permutation, and defines a nonce mode in which XCB can be securely used even when the plaintext is shorter than twice the width of the underlying block cipher.

The Extended Codebook (XCB) Mode of Operation

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2004

We describe a block cipher mode of operation that implements a ‘tweakable’ (super) pseudorandom permutation with an arbitrary block length. This mode can be used to provide the best possible security…

HCH: A New Tweakable Enciphering Scheme Using the Hash-Counter-Hash Approach

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2008

A unique feature of HCH compared to all known tweakable enciphering schemes is that HCH uses a single key, can handle arbitrary length messages, and has a quadratic security bound.

An Improved Security Bound for HCTR

- Mathematics, Computer ScienceFSE
- 2008

It is shown that HCTR has a better security bound than what the authors showed, and it is proved that the distinguishing advantage of an adversary in distinguishing HCTS and its inverse from a random permutation is bounded above by 4.5 i¾?2/2n.

Reconfigurable Hardware Implementations of Tweakable Enciphering Schemes

- Computer ScienceIEEE Transactions on Computers
- 2010

The performance results reported in this paper provide experimental evidence that hardware implementations of tweakable enciphering schemes can actually match and even outperform the data rates achieved by state-of-the-art disk controllers, thus showing that they might be used for achieving provably secure in-place hard disk encryption.

Breaking and Repairing GCM Security Proofs

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2012

This paper points out that a lemma, which is related to the upper bound on the probability of a counter collision, is invalid, and shows that GCM has better security bounds than a general case of variable length nonces.

A Tweakable Enciphering Mode

- Computer Science, MathematicsCRYPTO
- 2003

We describe a block-cipher mode of operation, CMC, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m ≥ 2. When the underlying block cipher…

A New Mode of Encryption Providing a Tweakable Strong Pseudo-random Permutation

- Computer Science, MathematicsFSE
- 2006

Compared to previous known constructions, PEP is the only known construction of tweakable SPRP which uses a single key, is efficiently parallelizable and can handle an arbitrary number of blocks.

HCTR: A Variable-Input-Length Enciphering Mode

- Computer Science, MathematicsCISC
- 2005

It is shown to be a very efficient mode of operation when some pre-computations are taken into consideration, and it is proved that HCTR is a strong tweakable pseudorandom permutation ( $\widetilde{sprp}$), when the underlying blockcipher is aStrong pseudor Frequency Permutation (sprp).

Improving Upon the TET Mode of Operation

- Computer Science, MathematicsICISC
- 2007

A new mode of operation called HEH is presented, built using a new construction of invertible block-wise universal hash function using the Naor-Reingold approach, which improves over Halevi's construction by removing restrictions on the hashing key.