Xor–encrypt–xor: Difference between revisions
link to related articles, etc. |
fix apparently incorrect DOI, etc. |
||
Line 1: | Line 1: | ||
The '''xor-encrypt-xor''' ('''XEX''') is a (tweakable) [[block cipher modes of operation|mode of operation]] of a [[block cipher]]. |
The '''xor-encrypt-xor''' ('''XEX''') is a (tweakable) [[block cipher modes of operation|mode of operation]] of a [[block cipher]]. |
||
XEX-based tweaked-codebook mode with [[ciphertext stealing]] ('''XTS''') is one of the more popular modes of operation for [[whole-disk encryption]]. |
XEX-based tweaked-codebook mode with [[ciphertext stealing]] ('''XTS mode''') is one of the more popular modes of operation for [[whole-disk encryption]]. |
||
XEX is a common form of [[key whitening]]. |
XEX is a common form of [[key whitening]]. |
||
Line 27: | Line 27: | ||
"Limitations of the Even-Mansour Construction". |
"Limitations of the Even-Mansour Construction". |
||
1992. |
1992. |
||
doi |
{{doi| 10.1007/3-540-57332-1_46 }} |
||
</ref> |
</ref> |
||
Line 37: | Line 37: | ||
</ref> |
</ref> |
||
Many whole-disk encryption systems—BestCrypt, dm-crypt, FreeOTFE, TrueCrypt, DiskCryptor, FreeBSD's geli, OpenBSD softraid disk encryption software, and Mac OS X Lion's FileVault 2 -- support XEX-based tweaked-codebook mode with ciphertext stealing (XTS). |
Many whole-disk encryption systems—BestCrypt, dm-crypt, FreeOTFE, TrueCrypt, DiskCryptor, FreeBSD's geli, OpenBSD softraid disk encryption software, and Mac OS X Lion's FileVault 2 -- support XEX-based tweaked-codebook mode with ciphertext stealing (XTS mode). |
||
{{cryptography navbox|block}} |
{{cryptography navbox|block}} |
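Review bot: the changed sentence in the Line 37 hunk still has mismatched punctuation around the product list. The list opens with an em dash after "systems" but closes with a spaced double hyphen before "support". Since this revision already edits that sentence to add "mode", close the list with a matching dash or set the whole list off in parentheses.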
Revision as of 18:17, 21 March 2016
The xor-encrypt-xor (XEX) is a (tweakable) mode of operation of a block cipher. XEX-based tweaked-codebook mode with ciphertext stealing (XTS mode) is one of the more popular modes of operation for whole-disk encryption.
XEX is a common form of key whitening.
XEX is part of some smart card proposals.[1][2]
History
In 1984, to protect DES against exhaustive search attacks, Ron Rivest proposed DESX: XOR a prewhitening key to the plaintext, encrypt the result with DES using a secret key, and then XOR a postwhitening key to the encrypted result to produce the final ciphertext.[3]
In 1991, motivated by Rivest's DESX construction, Even and Mansour proposed a much simpler scheme (the "two-key Even-Mansour scheme"), which they suggested was perhaps the simplest possible block cipher: XOR the plaintext with a prewhitening key, apply a publicly known unkeyed permutation (in practice, a pseudorandom permutation) to the result, and then XOR a postwhitening key to the permuted result to produce the final ciphertext.[3][4]
Orr Dunkelman, Nathan Keller, and Adi Shamir later proved it was possible to simplify the Even-Mansour scheme even further and still retain the same provable security, producing the "single-key Even-Mansour scheme": XOR the plaintext with the key, apply a publicly known unkeyed permutation to the result, and then XOR the same key to the permuted result to produce the final ciphertext.[3]
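The three constructions described above, written as an added example (not from the article or its references) that shares one xor-core-xor routine. The 16-byte Feistel `core` built from SHA-256 is a toy stand-in for DES (keyed) and for the publicly known permutation (unkeyed), and the plaintext and all keys are constructed; it is not a secure cipher.

```python
import hashlib

BLOCK = 16          # toy block size in bytes (assumption for this example)
HALF = BLOCK // 2

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def _f(i: int, half: bytes, key: bytes) -> bytes:
    # Feistel round function: truncated SHA-256 of round index, key and half-block.
    return hashlib.sha256(bytes([i]) + key + half).digest()[:HALF]

def core(block: bytes, key: bytes = b"", inverse: bool = False, rounds: int = 4) -> bytes:
    """Toy Feistel permutation: keyed it plays the role of DES in DESX,
    with key=b"" it plays the public unkeyed permutation of Even-Mansour."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly BLOCK bytes")
    left, right = block[:HALF], block[HALF:]
    for i in (reversed(range(rounds)) if inverse else range(rounds)):
        if inverse:
            left, right = xor(right, _f(i, left, key)), left
        else:
            left, right = right, xor(left, _f(i, right, key))
    return left + right

def encrypt(p: bytes, pre: bytes, post: bytes, core_key: bytes = b"") -> bytes:
    # XOR the prewhitening key, apply the core, XOR the postwhitening key.
    return xor(core(xor(p, pre), core_key), post)

def decrypt(c: bytes, pre: bytes, post: bytes, core_key: bytes = b"") -> bytes:
    # Undo the steps in reverse order: postwhitening, inverse core, prewhitening.
    return xor(core(xor(c, post), core_key, inverse=True), pre)

def demo() -> dict:
    p = b"constructed text"                          # constructed 16-byte plaintext
    k1, k2 = bytes(range(16)), bytes(range(16, 32))  # constructed whitening keys
    variants = {                                     # (pre, post, core key)
        "desx_style": (k1, k2, b"constructed core key"),
        "two_key_em": (k1, k2, b""),                 # public permutation, two keys
        "single_key_em": (k1, k1, b""),              # same key before and after
    }
    return {n: (encrypt(p, *v), decrypt(encrypt(p, *v), *v)) for n, v in variants.items()}

if __name__ == "__main__":
    for name, (ct, pt) in demo().items():
        print(f"{name:14} ct={ct.hex()} pt={pt!r}")
```

In the two Even-Mansour variants anyone can compute `core` and its inverse, so all secrecy comes from the whitening keys; in the DESX-style variant the core carries its own secret key as well.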
Rogaway used XEX to allow efficient processing of consecutive blocks (with respect to the cipher used) within one data unit (e.g., a disk sector) for whole-disk encryption.[5]
Many whole-disk encryption systems (BestCrypt, dm-crypt, FreeOTFE, TrueCrypt, DiskCryptor, FreeBSD's geli, OpenBSD softraid disk encryption software, and Mac OS X Lion's FileVault 2) support XEX-based tweaked-codebook mode with ciphertext stealing (XTS mode).
References
- ^ Barış Ege, Elif Bilge Kavun, and Tolga Yalçın. "Memory Encryption for Smart Cards". 2011.
- ^ Emmanuel Prouff. "Smart Card Research and Advanced Applications". 2011. p. 201.
- ^ a b c Orr Dunkelman, Nathan Keller, and Adi Shamir. "Minimalism in Cryptography: The Even-Mansour Scheme Revisited".
- ^ Joan Daemen, Laboratorium Esat. "Limitations of the Even-Mansour Construction". 1992. doi:10.1007/3-540-57332-1_46
- ^ Rogaway, Phillip (2004-09-24). "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC" (PDF).