An Inverse-Free Single-Keyed Tweakable Enciphering Scheme

“…It did not provide any specific instantiation or implementation. Subsequent to [37], the constructions AEZ [25] and FMix [7] proposed single key TESs using only the encryption function of the block cipher. FMix is a sequential scheme while AEZ is parallelisable.…”

“…As mentioned earlier, the conceptual possibility of constructing a TES from a PRF (and hence using only the encryption function of a block cipher) has been suggested earlier [37]. The constructions AEZ [25] and FMix [7] are also TESs constructed from a PRF. The possibility of constructing TESs from stream ciphers has been considered [37].…”

“…From the descriptions of FAST.Encrypt K (T, P ) and FAST.Decrypt K (T, C) in Table 1, the following two facts are easy to verify. For K ∈ K, T ∈ T and P ∈ P, FAST.Decrypt K (T, FAST.Encrypt K (T, P )) = P ; (7) len (FAST.Encrypt K (T, P )) = len(P ). (8) From (7), it follows that the decryption function of FAST is the inverse of the encryption function, while (8) shows that the length of the ciphertext produced by the encryption function is equal to the length of the plaintext.…”

“…FMix [7] 2m + 1 -hash-enc-hash XCB [27] m + 1 2(m + 3) -HCTR [38] m 2(m + 1) -HCHfp [14] m + 2 2(m − 1) -TET [21] m + 1 2m 2(m − 1) HEH-BRW [36] m + 1 2 + 2 (m − 1)/2 2(m − 1) TESX with BRW [37] m…”

“…More importantly, this work presents detailed software implementations of different instantiations of FAST and thereby actually demonstrates the advantages of the new proposal in comparison to the previous works. Another class of block cipher based TESs such as CMC [23], EME [24,20] (the scheme EME2 is essentially EME * [20]), AEZ [25] and FMix [7] essentially uses several layers of encryption using a mode of operation of a block cipher. CMC, EME and FMix use two layers of encryption whereas AEZ uses three layers of encryption.…”

${\sf {FAST}}$: Disk encryption and beyond

“…It did not provide any specific instantiation or implementation. Subsequent to [37], the constructions AEZ [25] and FMix [7] proposed single key TESs using only the encryption function of the block cipher. FMix is a sequential scheme while AEZ is parallelisable.…”

“…As mentioned earlier, the conceptual possibility of constructing a TES from a PRF (and hence using only the encryption function of a block cipher) has been suggested earlier [37]. The constructions AEZ [25] and FMix [7] are also TESs constructed from a PRF. The possibility of constructing TESs from stream ciphers has been considered [37].…”

“…From the descriptions of FAST.Encrypt K (T, P ) and FAST.Decrypt K (T, C) in Table 1, the following two facts are easy to verify. For K ∈ K, T ∈ T and P ∈ P, FAST.Decrypt K (T, FAST.Encrypt K (T, P )) = P ; (7) len (FAST.Encrypt K (T, P )) = len(P ). (8) From (7), it follows that the decryption function of FAST is the inverse of the encryption function, while (8) shows that the length of the ciphertext produced by the encryption function is equal to the length of the plaintext.…”

“…FMix [7] 2m + 1 -hash-enc-hash XCB [27] m + 1 2(m + 3) -HCTR [38] m 2(m + 1) -HCHfp [14] m + 2 2(m − 1) -TET [21] m + 1 2m 2(m − 1) HEH-BRW [36] m + 1 2 + 2 (m − 1)/2 2(m − 1) TESX with BRW [37] m…”

“…More importantly, this work presents detailed software implementations of different instantiations of FAST and thereby actually demonstrates the advantages of the new proposal in comparison to the previous works. Another class of block cipher based TESs such as CMC [23], EME [24,20] (the scheme EME2 is essentially EME * [20]), AEZ [25] and FMix [7] essentially uses several layers of encryption using a mode of operation of a block cipher. CMC, EME and FMix use two layers of encryption whereas AEZ uses three layers of encryption.…”

${\sf {FAST}}$: Disk encryption and beyond

Tweakable HCTR: A BBB Secure Tweakable Enciphering Scheme

Efficient and Reliable Error Detection Architectures of Hash-Counter-Hash Tweakable Enciphering Schemes