AES-XTS in Cryptologia


It looks like a paper that I wrote with Matt Ball (Google), Cyril Guyot (Hitachi), Jim Hughes (Huawei) and Landon Noll (Cisco) will be appearing in a forthcoming issue of Cryptologia. The current title of this paper is "The AES-XTS Disk Encryption Algorithm and the Security of Ciphertext Stealing," although that's certainly subject to change.

AES-XTS is a product of the IEEE Security in Storage Working Group and is one of the few modes of AES that has been approved (PDF) for government use by NIST. The Cryptologia paper will describe both the motivation for creating AES-XTS and its proof of security, and if you have more than a casual interest in AEX-XTS, it might be worth tracking down once it's out.

AES-XTS is a mode of AES that's meant to be used to encrypt hard drives. It's particularly useful for this because it encrypts sectors of a disk in a way that creates a ciphertext that's the same size as the original plaintext disk sector. In other words, it's a format-preserving mode of AES, much like the AES-FFX mode that NIST is now considering.  

Leave a Reply

Your email address will not be published. Required fields are marked *