The EMD Mode of Operation (A Tweaked, Wide-Blocksize, Strong PRP)

Phillip Rogaway

Paper 2002/148

The EMD Mode of Operation (A Tweaked, Wide-Blocksize, Strong PRP)

Phillip Rogaway

Abstract

We describe a block-cipher mode of operation, EMD, that builds a strong pseudorandom permutation (PRP) on $n m$ bits ( $m \geq 2$ ) out of a strong PRP on $n$ bits (i.e., a block cipher). The constructed PRP is also tweaked (in the sense of [LRW02]): to determine the -bit ciphertext block one provides, besides the key and the -bit plaintext block , an -bit tweak . The mode uses block-cipher calls and no other complex or computationally expensive steps (such as universal hashing). Encryption and decryption are identical except that encryption uses the forward direction of the underlying block cipher and decryption uses the backwards direction. We suggest that EMD provides an attractive solution to the disk-sector encryption problem, where one wants to encipher the contents of an -bit disk sector in a way that depends on the sector index and is secure against chosen-plaintext/chosen-ciphertext attack.

Metadata

Available format(s): PDF PS
Category: Secret-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Keywords: block-cipher usage modes of operation
Contact author(s): rogaway @ cs ucdavis edu
History: 2003-02-25: last of 3 revisions; 2002-09-27: received; See all versions
Short URL: https://ia.cr/2002/148
License: CC BY

BibTeX

@misc{cryptoeprint:2002/148,
      author = {Phillip Rogaway},
      title = {The {EMD} Mode of Operation (A Tweaked, Wide-Blocksize, Strong {PRP})},
      howpublished = {Cryptology {ePrint} Archive, Paper 2002/148},
      year = {2002},
      url = {https://eprint.iacr.org/2002/148}
}