Paper 2007/298

The Security of the Extended Codebook (XCB) Mode of Operation

David A. McGrew and Scott R. Fluhrer

Abstract

The XCB mode of operation was outlined in 2004 as a contribution to the IEEE Security in Storage effort, but no security analysis was provided. In this paper, we provide a proof of security for XCB, and show that it is a secure tweakable (super) pseudorandom permutation. Our analysis makes several new contributions: it uses an algebraic property of XCB's internal universal hash function to simplify the proof, and it defines a nonce mode in which XCB can be securely used even when the plaintext is shorter than twice the width of the underlying block cipher. We also show minor modifications that improve the performance of XCB and make it easier to analyze. XCB is interesting because it is highly efficient in both hardware and software, it has no alignment restrictions on input lengths, it can be used in nonce mode, and it uses the internal functions of the Galois/Counter Mode (GCM) of operation, which facilitates design re-use and admits multi-purpose implementations.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. 14th Workshop on Selected Areas in Cryptography (SAC 2007)
Keywords: tweakable pseudorandom permutation
Contact author(s): mcgrew @ cisco com
History: 2007-08-07: received
Short URL: https://ia.cr/2007/298
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2007/298,
      author = {David A. McGrew and Scott R. Fluhrer},
      title = {The Security of the Extended Codebook ({XCB}) Mode of Operation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/298},
      year = {2007},
      url = {https://eprint.iacr.org/2007/298}
}