Security of XCB and HCTR

TL;DR

This paper improves the security bounds of XCB encryption schemes, introduces a modified version with enhanced security, and analyzes vulnerabilities and attacks on XCB and HCTR schemes.

Contribution

It reduces the security bound constant of XCB schemes from 2^{22} to 2^{5} and proposes a modified XCB with better security, along with analyzing attacks on XCB and HCTR.

Findings

Security bound constant reduced from 2^{22} to 2^{5}

Modified XCB (MXCB) offers improved security

Identified vulnerabilities and attacks on XCB and HCTR

Abstract

Tweakable Enciphering Scheme (TES) is a length preserving scheme which provides confidentiality and admissible integrity. XCB (Extended Code Book) is a TES which was introduced in 2004. In 2007, it was modified and security bound was provided. Later, these two versions were referred to as XCBv1 and XCBv2 respectively. XCBv2 was proposed as the IEEE-std 1619.2 2010 for encryption of sector oriented storage media. In 2013, first time Security bound of XCBv1 was given and XCBv2's security bound was enhanced. A constant of $2^{22}$ appears in the security bounds of the XCBv1 and XCBv2. We showed that this constant of $2^{22}$ can be reduced to $2^{5}$. Further, we modified the XCB (MXCB) scheme such that it gives better security bound compared to the present XCB scheme. We also analyzed some weak keys attack on XCB and a type of TES known as HCTR (proposed in 2005). We performed distinguishing attack and the hash key recovery attack on HCTR. Next, we analyzed the dependency of the two different keys in HCTR.