Welcome to the resource topic for 2002/148
Title:
The EMD Mode of Operation (A Tweaked, Wide-Blocksize, Strong PRP)
Authors: Phillip Rogaway
Abstract:We describe a block-cipher mode of operation, EMD,
that builds a strong pseudorandom permutation (PRP)
on nm bits (m\ge2) out of
a strong PRP on n bits (i.e., a block cipher).
The constructed PRP is also tweaked
(in the sense of [LRW02]):
to determine the nm-bit ciphertext block C=\E_K^T(P)
one provides, besides the key K and the nm-bit plaintext block P, an n-bit tweak T.
The mode uses 2m block-cipher calls and
no other complex or computationally expensive steps
(such as universal hashing).
Encryption and decryption are identical except that encryption uses the
forward direction of the underlying block cipher and decryption uses the backwards
direction.
We suggest that EMD provides an attractive solution to the
disk-sector encryption problem, where one wants to encipher
the contents of an nm-bit disk sector in a way that
depends on the sector index and is secure against
chosen-plaintext/chosen-ciphertext attack.
ePrint: https://eprint.iacr.org/2002/148
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .