On one Block Cipher Mode of Operation Used to Protect Data on Block-Oriented Storage Devices

Abstract

Read online

This research purpose is to develop a reduction-based method for analysis of cryptographic properties of block cipher modes of operation in context of full disk encryption (FDE) via provable security technique, to study weaknesses of widely spread among existing FDE solutions mode XTS through building an adversary, that breaks security of XTS, and then to create a variation of the mode, that fixes detected weaknesses. This new mode of operation is called XEH (Xor-Encrypt-Hash) and it uses “light-weight” polynomial permutation for mixing blocks of a sector after their “XTS-like” encryption. The proposed block cipher mode of operation does not require any space for additional data, and it allows us to use it for system disk encryption, unlike DEC mode proposed in the end of 2021 by TC 26. XEH was proved to be secure in a provable security model, which is described in this paper. This mode is compared with the existing ones, which can be used to encrypt block-oriented devices: it was shown, that XEH provides higher security bound, than other compared modes, and involves almost no degradation in performance with respect to XTS.

Keywords

• full disk encryption
• block cipher modes of operation
• block ciphers
• symmetric cryptography
• data encryption
• block-oriented storage devices
• provable security