XTS Paper on Cryptologia

From Mavaball

This page contains working notes on a paper being submitted to the Journal of Cryptologia on the XTS block cipher.

Authors

  • Matthew V. Ball, Oracle Corporation (through Sun Microsystems acquisition)
  • Cyril Guyot, Hitachi GST
  • James P. Hughes, Huawei
  • Luther Martin, Voltage Security
  • Landon Curt Noll, Cisco Systems

Abstract

(TBD) This paper discusses the security of the XTS (XEX with Tweak and Ciphertext Stealing) mode of operation. This includes a security proof for the ciphertext stealing

Outline and tasks

Proposed outline for paper and work breakdown:

  1. Describe XTS (Luther).
    1. Rogaway's XEX construction
    2. What a tweak is and how one can be used securely
    3. How CTS works
  2. Discuss the security of XTS (Matt)
  3. Provide formal proof for the security of ciphertext stealing in the XTS construct (Cyril)

Jim and Landon: Consolidation and editing
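As an added worked example (not code from the paper or from any of the authors), the following Python walks through outline items 1.1 to 1.3 in one place: the XEX-style tweak masking where block j of a data unit is masked with T * alpha^j in GF(2^128), and the IEEE 1619 ciphertext-stealing step that lets a data unit whose length is not a multiple of 16 bytes be encrypted without expansion. It assumes the `cryptography` package for the raw AES block function; the key bytes and sector numbers are constructed sample values.

```python
"""XTS-AES with ciphertext stealing, written as a worked example.

Assumes the 'cryptography' package (https://cryptography.io) for the raw
AES block operation; everything else is implemented here.
"""
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16


def _aes_block(key: bytes, block: bytes, encrypt: bool) -> bytes:
    """Raw AES on exactly one block (ECB over a single block)."""
    op = Cipher(algorithms.AES(key), modes.ECB())
    ctx = op.encryptor() if encrypt else op.decryptor()
    return ctx.update(block) + ctx.finalize()


def _mul_alpha(t: bytes) -> bytes:
    """Multiply a 16-byte tweak by alpha (= x) in GF(2^128).

    Little-endian bit order as in IEEE 1619: shift left by one bit across
    the 16 bytes, and fold the carry out of the top bit back in as 0x87
    (x^128 = x^7 + x^2 + x + 1).
    """
    out = bytearray(BLOCK)
    carry = 0
    for i in range(BLOCK):
        b = t[i]
        out[i] = ((b << 1) & 0xFF) | carry
        carry = b >> 7
    if carry:
        out[0] ^= 0x87
    return bytes(out)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _xts(key1: bytes, key2: bytes, tweak: bytes, data: bytes, encrypt: bool) -> bytes:
    """XTS in one direction. 'tweak' is the 16-byte data-unit tweak (e.g. sector number)."""
    if len(data) < BLOCK:
        raise ValueError("XTS requires at least one full block of data")
    m, tail = divmod(len(data), BLOCK)   # full blocks, bytes in the partial block
    # Tweak sequence T, T*alpha, T*alpha^2, ... with T = E_K2(tweak)
    t = _aes_block(key2, tweak, True)
    tweaks = []
    for _ in range(m + (1 if tail else 0)):
        tweaks.append(t)
        t = _mul_alpha(t)

    def xex(block: bytes, tw: bytes) -> bytes:
        # XEX: mask input, apply the block cipher, mask output with the same tweak
        return _xor(_aes_block(key1, _xor(block, tw), encrypt), tw)

    out = bytearray()
    full = m if tail == 0 else m - 1     # blocks untouched by stealing
    for j in range(full):
        out += xex(data[j * BLOCK:(j + 1) * BLOCK], tweaks[j])
    if tail == 0:
        return bytes(out)

    # Ciphertext stealing over the last full block and the trailing partial block.
    last_full = data[(m - 1) * BLOCK:m * BLOCK]
    partial = data[m * BLOCK:]
    if encrypt:
        x = xex(last_full, tweaks[m - 1])            # full block, tweak index m-1
        short = x[:tail]                             # the bytes that become C_m
        fullout = xex(partial + x[tail:], tweaks[m]) # P_m padded with stolen tail
    else:
        x = xex(last_full, tweaks[m])                # C_{m-1} decrypts under tweak m
        short = x[:tail]                             # recovers P_m
        fullout = xex(partial + x[tail:], tweaks[m - 1])
    return bytes(out) + fullout + short


def xts_encrypt(key: bytes, sector: int, plaintext: bytes) -> bytes:
    """key = key1 || key2 (32 bytes for AES-128); sector becomes the little-endian tweak."""
    half = len(key) // 2
    return _xts(key[:half], key[half:], sector.to_bytes(BLOCK, "little"), plaintext, True)


def xts_decrypt(key: bytes, sector: int, ciphertext: bytes) -> bytes:
    half = len(key) // 2
    return _xts(key[:half], key[half:], sector.to_bytes(BLOCK, "little"), ciphertext, False)


if __name__ == "__main__":
    key = bytes(range(32))               # constructed sample key1 || key2
    msg = bytes(range(37))               # 2 full blocks + 5-byte partial block
    ct = xts_encrypt(key, 7, msg)
    assert len(ct) == len(msg) and xts_decrypt(key, 7, ct) == msg
    print("ciphertext stealing round trip OK, no length expansion")
```

The two lines to read closely are the stealing branch: the last full block is encrypted under tweak index m-1, its first `tail` bytes are emitted as the short final ciphertext block, and its remaining bytes are borrowed to pad the partial plaintext block, which is then encrypted under tweak index m. Decryption mirrors this by applying the tweaks in the opposite order, which is why the ciphertext keeps exactly the plaintext length.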

Links:

References

  • Ciphertext Stealing: _Cryptography_ by Meyer and Matyas (1982)

Notes

Reader Prerequisites

We assume that the reader is familiar with the AES block cipher, especially as it operates in ECB mode. We assume the reader does not know about tweakable block ciphers, Rogaway's XEX construction, or ciphertext stealing.

Document format

The group will use LaTeX for writing the paper.

Schedule

We will attempt to have the first draft ready by the end of May 2009.