On One Block Cipher Mode of Operation Used to Protect Data on Block-Oriented Storage Devices

Abstract

The purpose of this research is to develop a reduction-based method for analysing the cryptographic properties of block cipher modes of operation in the context of full disk encryption (FDE) using the provable security technique; to study the weaknesses of the XTS mode, which is widely used in existing FDE solutions, by constructing an adversary that breaks the security of XTS; and then to create a variation of the mode that fixes the weaknesses found. This new mode of operation is called XEH (Xor-Encrypt-Hash); it applies a “light-weight” polynomial permutation to mix the blocks of a sector after their “XTS-like” encryption.
The proposed block cipher mode of operation does not require any space for additional data, which allows it to be used for system disk encryption, unlike the DEC mode proposed at the end of 2021 by TC 26. XEH was proved secure in the provable security model described in this paper. The mode is compared with the existing modes that can be used to encrypt block-oriented devices: it is shown that XEH provides a higher security bound than the other compared modes and involves almost no performance degradation with respect to XTS.
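The abstract's motivation for XEH is that XTS encrypts the 16-byte blocks of a sector independently, so nothing ties the blocks of a sector together. The following added example (not code from the paper) implements the XTS block structure and tweak schedule and measures that locality: a single-bit change to the stored ciphertext alters exactly one plaintext block on decryption and leaves the rest of the sector intact, which is the property the sector-wide mixing in XEH is designed to remove. It assumes a 4-round Feistel network built from SHA-256 as a stand-in for AES, constructed keys and sector contents, and whole blocks only (no ciphertext stealing).

```python
import hashlib

BLOCK = 16  # XTS works on 128-bit blocks


def prf(key: bytes, data: bytes) -> bytes:
    # Keyed hash used as the Feistel round function: a stand-in for AES, not production code.
    return hashlib.sha256(key + data).digest()[:8]


def feistel(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # 4-round Luby-Rackoff Feistel network over one 128-bit block (an invertible PRP).
    left, right = block[:8], block[8:]
    round_keys = [bytes([r]) + key for r in range(4)]
    if decrypt:
        round_keys.reverse()
        left, right = right, left
    for rk in round_keys:
        left, right = right, bytes(a ^ b for a, b in zip(left, prf(rk, right)))
    if decrypt:
        left, right = right, left
    return left + right


def gf_double(t: bytes) -> bytes:
    # Multiply the tweak by alpha in GF(2^128) mod x^128+x^7+x^2+x+1 (little-endian, as in XTS).
    v = int.from_bytes(t, "little") << 1
    if v >> 128:
        v = (v & ((1 << 128) - 1)) ^ 0x87
    return v.to_bytes(16, "little")


def xts_sector(key1: bytes, key2: bytes, sector_no: int, data: bytes, decrypt: bool = False) -> bytes:
    # XTS: C_j = E_K1(P_j ^ T_j) ^ T_j with T_j = E_K2(sector) * alpha^j; blocks never interact.
    assert len(data) % BLOCK == 0, "constructed example: whole blocks only, no ciphertext stealing"
    tweak = feistel(key2, sector_no.to_bytes(BLOCK, "little"))
    out = bytearray()
    for j in range(0, len(data), BLOCK):
        masked = bytes(a ^ b for a, b in zip(data[j:j + BLOCK], tweak))
        out += bytes(a ^ b for a, b in zip(feistel(key1, masked, decrypt), tweak))
        tweak = gf_double(tweak)
    return bytes(out)


def damaged_blocks(sector: bytes, flip_block: int) -> int:
    # Flip one bit of one ciphertext block, decrypt, and count the plaintext blocks that changed.
    k1, k2 = b"constructed-key-1", b"constructed-key-2"  # constructed sample keys
    ct = bytearray(xts_sector(k1, k2, 7, sector))
    ct[flip_block * BLOCK] ^= 0x01
    recovered = xts_sector(k1, k2, 7, bytes(ct), decrypt=True)
    return sum(recovered[j:j + BLOCK] != sector[j:j + BLOCK] for j in range(0, len(sector), BLOCK))


if __name__ == "__main__":
    sector = bytes(range(256)) * 2  # constructed 512-byte sector
    print(damaged_blocks(sector, 5))  # 1: only block 5 changes, the other 31 decrypt intact
```

A wide-block (sector-wide) mode would instead change every block of the sector after the same single-bit modification; that difference is the security gap between XTS and the mixing step of XEH.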

Author Biographies

Georgii Valentinovich Firsov, National Research Nuclear University MEPhI (Moscow Engineering Physics Institute); Securitycode

Master's degree student of the Institute of Cyber Intelligence Systems; Senior Software Developer of the Department of Solutions Development for Servers and Workstations

Alisa Mikhailovna Koreneva, Financial University under the Government of the Russian Federation; Securitycode

Associate Professor of the Department of Information Security; Head of Cryptographic Analysis Department, Cand.Sci. (Phys.-Math.)

Published
2022-10-24
How to Cite
FIRSOV, Georgii Valentinovich; KORENEVA, Alisa Mikhailovna. On One Block Cipher Mode of Operation Used to Protect Data on Block-Oriented Storage Devices. Modern Information Technologies and IT-Education, [S.l.], v. 18, n. 3, p. 691-701, oct. 2022. ISSN 2411-1473. Available at: <http://sitito.cs.msu.ru/index.php/SITITO/article/view/921>. Date accessed: 07 mar. 2026. doi: https://doi.org/10.25559/SITITO.18.202203.691-701.
Section
Theoretical and Practical Aspects of Cybersecurity