Our mode is similar to a five-round Luby-Rackoff cipher in which the first and last rounds do not use the conventional Feistel structure, but instead use a single block cipher invocation. The third round is a Feistel structure using counter mode as a PRF. The second and fourth rounds are Feistel structures using a universal hash function; we re-use the polynomial hash over a binary field defined in the Galois/Counter Mode (GCM) of operation for block ciphers. This choice provides efficiency in both hardware and software and allows for re-use of implementation effort. XCB also has several useful properties: it accepts arbitrarily-sized plaintexts and associated data, including any plaintexts with lengths that are no smaller than the width of the block cipher.
This document is a pre-publication draft manuscript.
Category / Keywords: secret-key cryptography / Date: received 25 Oct 2004 Contact author: mcgrew at cisco com Available formats: PDF | BibTeX Citation Version: 20041030:154637 (All versions of this report) Discussion forum: Show discussion | Start new discussion