Xor–encrypt–xor
The xor–encrypt–xor (XEX) is a (tweakable) mode of operation of a block cipher. In tweaked-codebook mode with ciphertext stealing (XTS mode), it is one of the more popular modes of operation for whole-disk encryption. XEX is also a common form of key whitening, and part of some smart card proposals.


History

In 1984, to protect DES against exhaustive search attacks, Ron Rivest proposed DESX: XOR a pre-whitening key to the plaintext, encrypt the result with DES using a secret key, and then XOR a post-whitening key to the encrypted result to produce the final ciphertext (Dunkelman, Keller, and Shamir, "Minimalism in Cryptography: The Even–Mansour Scheme Revisited", Eurocrypt 2012).
In 1991, motivated by Rivest's DESX construction, Even and Mansour proposed a much simpler scheme (the "two-key Even–Mansour scheme"), which they suggested was perhaps the simplest possible block cipher: XOR the plaintext with a pre-whitening key, apply a publicly known unkeyed permutation (in practice, a pseudorandom permutation) to the result, and then XOR a post-whitening key to the permuted result to produce the final ciphertext. Studying simple Even–Mansour style block ciphers gives insight into the security of Feistel ciphers (DES-like ciphers) and helps understand block cipher design in general.

Orr Dunkelman, Nathan Keller, and Adi Shamir later proved it was possible to simplify the Even–Mansour scheme even further and still retain the same provable security, producing the "single-key Even–Mansour scheme": XOR the plaintext with the key, apply a publicly known unkeyed permutation to the result, and then XOR the same key to the permuted result to produce the final ciphertext (Dunkelman, Keller, and Shamir, "Minimalism in Cryptography: The Even–Mansour Scheme Revisited", Eurocrypt 2012).
In 2004, Rogaway presented the XEX scheme with key- and location-dependent "tweaks": Rogaway used XEX to allow efficient processing of consecutive blocks (with respect to the cipher used) within one data unit (e.g., a disk sector) for whole-disk encryption. Many whole-disk encryption systems – BestCrypt, dm-crypt, FreeOTFE, TrueCrypt, DiskCryptor, FreeBSD's geli, OpenBSD softraid disk encryption software, and Mac OS X Lion's FileVault 2 – support XEX-based tweaked-codebook mode with ciphertext stealing (XTS mode).
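The whitening and tweak constructions described above, as an added example that is not from the article or from any of the products it names: a stand-in unkeyed Feistel permutation (constructed here in place of DES or AES) is wrapped in Even–Mansour/DESX-style whitening, and that keyed cipher is then used in Rogaway's XEX with the per-block tweak Delta_j = alpha^j * E_K(sector). Assumptions: the GF(2^128) doubling uses the polynomial x^128 + x^7 + x^2 + x + 1 in big-endian byte order (as in CMAC/OCB; XTS itself uses little-endian order and a separate tweak key), and sectors are a whole number of blocks, since ciphertext stealing is what XTS adds on top of XEX.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, as in AES-based XTS

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(i, half):
    # Unkeyed Feistel round function (constructed for this example): hash of round index and half block.
    return hashlib.sha256(bytes([i]) + half).digest()[:8]

def public_perm(x):
    """Publicly known, unkeyed 128-bit permutation (4-round Feistel); stands in for DES or AES here."""
    l, r = x[:8], x[8:]
    for i in range(4):
        l, r = r, xor(l, _f(i, r))
    return l + r

def public_perm_inv(y):
    l, r = y[:8], y[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(i, l)), l
    return l + r

def em_encrypt(k1, k2, m):
    """Two-key Even-Mansour / DESX-style whitening: C = P(M xor K1) xor K2 (single-key: k1 == k2)."""
    return xor(public_perm(xor(m, k1)), k2)

def em_decrypt(k1, k2, c):
    return xor(public_perm_inv(xor(c, k2)), k1)

def double_gf128(x):
    """Multiply by alpha in GF(2^128) mod x^128 + x^7 + x^2 + x + 1 (big-endian byte order, assumed)."""
    v = int.from_bytes(x, "big") << 1
    if v >> 128:
        v ^= 0x87
    return (v & ((1 << 128) - 1)).to_bytes(BLOCK, "big")

def xex_sector(k1, k2, sector, data, decrypt=False):
    """XEX over one sector: Delta_j = alpha^j * E_K(sector), C_j = E_K(P_j xor Delta_j) xor Delta_j."""
    assert len(data) % BLOCK == 0, "full blocks only; XTS adds ciphertext stealing for a ragged tail"
    delta = em_encrypt(k1, k2, sector.to_bytes(BLOCK, "big"))  # key- and location-dependent tweak
    out = bytearray()
    for j in range(0, len(data), BLOCK):
        blk = xor(data[j:j + BLOCK], delta)
        blk = em_decrypt(k1, k2, blk) if decrypt else em_encrypt(k1, k2, blk)
        out += xor(blk, delta)
        delta = double_gf128(delta)  # next block position in the sector: alpha * Delta_j
    return bytes(out)
```

Because the tweak changes with both the sector number and the block position, two identical plaintext blocks in the same sector (or the same sector contents written at two sector numbers) encrypt to different ciphertexts, which is the property ECB lacks and the reason whole-disk encryption uses a tweaked mode.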


References

Orr Dunkelman, Nathan Keller, and Adi Shamir, "Minimalism in Cryptography: The Even–Mansour Scheme Revisited", Eurocrypt 2012.