Cryptology ePrint Archive: Report 2001/015

An observation regarding Jutla's modes of operation

Shai Halevi

Abstract: Recently, Jutla suggested two new modes of operation for block ciphers. These modes build on traditional CBC and ECB modes, respectively, but add to them masking of the outputs and inputs. Jutla proved that these masking operations considerably strengthen CBC and ECB modes. In particular, together with a simple checksum, the modified modes ensure not only confidentiality, but also authenticity. Similar modes were also suggested by Gligor and Donsecu and by Rogaway.

In Jutla's proposal (as well as in some of the other proposals), the masks themselves are derived from an IV via the same block cipher as used for the encryption (perhaps with a different key). In this work we note, however, that the function for deriving these masks need not be cryptographic at all. In particular, we prove that a universal hash function (a-la-Carter-Wegman) is sufficient for this purpose.

Category / Keywords: secret-key cryptography / block ciphers, modes of operation

Date: received 22 Feb 2001, last revised 2 Apr 2001

Contact author: shaih at watson ibm com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20010515:150429 (All versions of this report)

Short URL: ia.cr/2001/015

Discussion forum: Show discussion | Start new discussion