Paper 2019/825

Plaintext Recovery Attacks against XTS Beyond Collisions

Takanori Isobe and Kazuhiko Minematsu

Abstract

XTS is an encryption scheme for storage devices standardized by IEEE and NIST. It is based on Rogaway's XEX tweakable block cipher and is known to be secure up to collisions between blocks, thus up to around $2^{n/2}$ blocks for $n$-bit blocks. However, this only implies that the theoretical indistinguishability notion is broken with $O(2^{n/2})$ queries and does not tell the practical risk of plaintext recovery if XTS is targeted. We show several plaintext recovery attacks against XTS beyond collisions, and evaluate their practical impacts.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. SAC 2019
Keywords
XTS, Storage encryption, Mode of operation, Even-Mansour Cipher
Contact author(s)
takanori isobe @ ai u-hyogo ac jp
k-minematsu @ ah jp nec com
History
2019-07-17: received
Short URL
https://ia.cr/2019/825
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/825,
      author = {Takanori Isobe and Kazuhiko Minematsu},
      title = {Plaintext Recovery Attacks against {XTS} Beyond Collisions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/825},
      year = {2019},
      url = {https://eprint.iacr.org/2019/825}
}