Paper 2003/106

CWC: A high-performance conventional authenticated encryption mode

Tadayoshi Kohno, John Viega, and Doug Whiting


We introduce CWC, a new block cipher mode of operation for protecting both the privacy and the authenticity of encapsulated data. CWC is currently the only such mode having all five of the following properties: provable security, parallelizability, high performance in hardware, high performance in software, and no intellectual property concerns. We believe that having all five of these properties makes CWC a powerful tool for use in many performance-critical cryptographic applications. CWC is also the only appropriate solution for some applications; e.g., standardization bodies like the IETF and NIST prefer patent-free modes, and CWC is the only such mode capable of processing data at 10Gbps in hardware, which will be important for future IPsec (and other) network devices. As part of our design, we also introduce a new parallelizable universal hash function optimized for performance in both hardware and software.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
modes of operationauthenticated encryption
Contact author(s)
tkohno @ cs ucsd edu
2004-01-16: last of 3 revisions
2003-05-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tadayoshi Kohno and John Viega and Doug Whiting},
      title = {{CWC}: A high-performance conventional authenticated encryption mode},
      howpublished = {Cryptology ePrint Archive, Paper 2003/106},
      year = {2003},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.