Cryptology ePrint Archive: Report 2003/147

A Parallelizable Enciphering Mode

Shai Halevi and Phillip Rogaway

Abstract: We describe a block-cipher mode of operation, EME, that turns an n-bit block cipher into a tweakable enciphering scheme that acts on strings of mn bits, where m \in [1..n]. The mode is parallelizable, but as serial-efficient as the non-parallelizable mode CMC. EME can be used to solve the disk-sector encryption problem. The algorithm entails two layers of ECB encryption and a "lightweight mixing" in between. We prove EME secure, in the reduction-based sense of modern cryptography. We motivate some of the design choices in EME by showing that a few simple modifications of this mode are insecure.

Category / Keywords: secret-key cryptography / Block-cipher usage, cryptographic standards, disk encryption, modes of operation, provable security, sector-level encryption, symmetric encryption.

Date: received 28 Jul 2003

Contact author: shaih at watson ibm com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20030728:190628 (All versions of this report)

Short URL: ia.cr/2003/147

Discussion forum: Show discussion | Start new discussion