### An observation regarding Jutla's modes of operation

Shai Halevi

##### Abstract

Recently, Jutla suggested two new modes of operation for block ciphers. These modes build on traditional CBC and ECB modes, respectively, but add to them masking of the outputs and inputs. Jutla proved that these masking operations considerably strengthen CBC and ECB modes. In particular, together with a simple checksum, the modified modes ensure not only confidentiality, but also authenticity. Similar modes were also suggested by Gligor and Donsecu and by Rogaway. In Jutla's proposal (as well as in some of the other proposals), the masks themselves are derived from an IV via the same block cipher as used for the encryption (perhaps with a different key). In this work we note, however, that the function for deriving these masks need not be cryptographic at all. In particular, we prove that a universal hash function (a-la-Carter-Wegman) is sufficient for this purpose.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
block ciphersmodes of operation
Contact author(s)
shaih @ watson ibm com
History
2001-04-02: last of 2 revisions
See all versions
Short URL
https://ia.cr/2001/015

CC BY

BibTeX

@misc{cryptoeprint:2001/015,
author = {Shai Halevi},
title = {An observation regarding Jutla's modes of operation},
howpublished = {Cryptology ePrint Archive, Paper 2001/015},
year = {2001},
note = {\url{https://eprint.iacr.org/2001/015}},
url = {https://eprint.iacr.org/2001/015}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.