International Association for Cryptologic Research

CryptoDB

An observation regarding Jutla's modes of operation

Authors:
Shai Halevi
Download:
URL: http://eprint.iacr.org/2001/015
Abstract: Recently, Jutla suggested two new modes of operation for block ciphers. These modes build on traditional CBC and ECB modes, respectively, but add to them masking of the outputs and inputs. Jutla proved that these masking operations considerably strengthen CBC and ECB modes. In particular, together with a simple checksum, the modified modes ensure not only confidentiality, but also authenticity. Similar modes were also suggested by Gligor and Donescu and by Rogaway. In Jutla's proposal (as well as in some of the other proposals), the masks themselves are derived from an IV via the same block cipher as used for the encryption (perhaps with a different key). In this work we note, however, that the function for deriving these masks need not be cryptographic at all. In particular, we prove that a universal hash function (à la Carter-Wegman) is sufficient for this purpose.
BibTeX
@misc{eprint-2001-11427,
  title={An observation regarding Jutla's modes of operation},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / block ciphers, modes of operation},
  url={http://eprint.iacr.org/2001/015},
  note={ shaih@watson.ibm.com 11414 received 22 Feb 2001, last revised 2 Apr 2001},
  author={Shai Halevi},
  year=2001
}