Another look at XCB

Debrup Chakraborty, Vicente Hernandez-Jimenez, Palash Sarkar
Cryptography and Communications
XCB is a tweakable enciphering scheme (TES) which was first proposed in 2004. The scheme was modified in 2007. We call these two versions of XCB as XCBv1 and XCBv2 respectively. XCBv2 was later proposed as a standard for encryption of sector oriented storage media in IEEE-std 1619.2 2010. There is no known proof of security for XCBv1 but the authors provided a concrete security bound for XCBv2 and a “proof” justifying the bound. In this paper we show that XCBv2 is not secure as a TES by showing… 
Security of XCB and HCTR
The XCB (MXCB) scheme is modified such that it gives better security bound compared to the present XCB scheme and some weak keys attack on XCB and a type of TES known as HCTR is analysed.
Disk encryption: do we need to preserve length?
The possibility of the use of encryption schemes where length expansion is produced for the purpose of disk encryption is analyzed and it is demonstrated that deterministic authenticated encryption (DAE) schemes may have more advantages than disadvantages compared to a TES when used for disk encryption.
FAST: Disk Encryption and Beyond
The implementation results show that FAST compares very favourably to the IEEE disk encryption standards XCB and EME2 as well as the more recent proposal AEZ, putting FAST as a serious candidate for standardisation and deployment.
Designing Tweakable Enciphering Schemes Using Public
A generic construction of a tweakable enciphering scheme which uses a public random permutation, a length expanding public permutation based PRF and a hash function which is both almost xor universal and almost regular.
Designing Tweakable Enciphering Schemes Using Public Permutations
A generic construction of a tweakable enciphering scheme which uses a public random permutation, a length expanding public permutation based PRF and a hash function which is both almost xor universal and almost regular.
The design and analysis of symmetric cryptosystems
A general forgery attack against the related message authentication schemes is described, as well as providing a common description of all known attacks against such schemes, and greatly expanding the number of known weak keys.
A Note on the CLRW2 Tweakable Block Cipher Construction
  • Gordon Procter
  • Mathematics, Computer Science
    IACR Cryptol. ePrint Arch.
  • 2014
The issue is resolved, a new bound is given for the security of CLRW2, and a potential limitation of this proof technique is identified when looking to extend the scheme to provide asymptotic security.
Weak-Key and Related-Key Analysis of Hash-Counter-Hash Tweakable Enciphering Schemes
It is pointed out that XCB, HCTR and HCH (and two variations of HCH) cannot resist distinguishing attack, key-recovery attack and plaintext-recovery attack once the weak key is recognized and can resist related-key attack under the assumption that the underlying block cipher resists related-key attack.
${\sf {FAST}}$: Disk encryption and beyond
This work introduces ${\sf {FAST}}$ which is a new family of tweakable enciphering schemes which uses a single-block key, is parallelisable and can be instantiated using only the encryption function of a block cipher.
Critical perspectives on provable security: Fifteen years of "another look" papers
An overview of the critiques of "proofs" of security and a guide to the papers on the subject that have appeared over the past decade and a half are given.


The Security of the Extended Codebook (XCB) Mode of Operation
This paper provides a proof of security for XCB, and shows that it is a secure tweakable (super) pseudorandom permutation, and defines a nonce mode in which XCB can be securely used even when the plaintext is shorter than twice the width of the underlying block cipher.
The Extended Codebook (XCB) Mode of Operation
We describe a block cipher mode of operation that implements a ‘tweakable’ (super) pseudorandom permutation with an arbitrary block length. This mode can be used to provide the best possible security
HCH: A New Tweakable Enciphering Scheme Using the Hash-Counter-Hash Approach
A unique feature of HCH compared to all known tweakable enciphering schemes is that HCH uses a single key, can handle arbitrary length messages, and has a quadratic security bound.
An Improved Security Bound for HCTR
It is shown that HCTR has a better security bound than what the authors showed, and it is proved that the distinguishing advantage of an adversary in distinguishing HCTR and its inverse from a random permutation is bounded above by $4.5\sigma^2/2^n$.
Reconfigurable Hardware Implementations of Tweakable Enciphering Schemes
The performance results reported in this paper provide experimental evidence that hardware implementations of tweakable enciphering schemes can actually match and even outperform the data rates achieved by state-of-the-art disk controllers, thus showing that they might be used for achieving provably secure in-place hard disk encryption.
Breaking and Repairing GCM Security Proofs
This paper points out that a lemma, which is related to the upper bound on the probability of a counter collision, is invalid, and shows that GCM has better security bounds than a general case of variable length nonces.
A Tweakable Enciphering Mode
We describe a block-cipher mode of operation, CMC, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m ≥ 2. When the underlying block cipher
A New Mode of Encryption Providing a Tweakable Strong Pseudo-random Permutation
Compared to previous known constructions, PEP is the only known construction of tweakable SPRP which uses a single key, is efficiently parallelizable and can handle an arbitrary number of blocks.
HCTR: A Variable-Input-Length Enciphering Mode
It is shown to be a very efficient mode of operation when some pre-computations are taken into consideration, and it is proved that HCTR is a strong tweakable pseudorandom permutation ($\widetilde{sprp}$), when the underlying blockcipher is a strong pseudorandom permutation (sprp).
Improving Upon the TET Mode of Operation
  • P. Sarkar
  • Computer Science, Mathematics
  • 2007
A new mode of operation called HEH is presented, built using a new construction of invertible block-wise universal hash function using the Naor-Reingold approach, which improves over Halevi's construction by removing restrictions on the hashing key.