
[P1619-2] Some text for the Introduction of 1619.2



I put together a few paragraphs for the introduction of 1619.2. This
text explains the relations between .2 and .0 (and in particular also
the differences). It is, however, quite "dry" and technical, so it
would be nice if people can propose 1-2 more sentences. Maybe something
about how the difference between .2 and .0 is expressed in potential
applications?

-- Shai


Introduction:

The purpose of this standard, similarly to IEEE-1619-2007, is to
describe a method of encryption for data stored in sector-based devices,
where the threat model includes possible access to stored data by the
adversary. As in IEEE-1619-2007, this standard specifies
length-preserving encryption transforms to be applied to the plaintext
sector before storing it on the storage media.

Differently from IEEE-1619-2007, the encryption transforms that are
specified in this standard are "wide block encryption". This means that
they act on the whole sector at once, where each bit on the input
plaintext influences every bit of the output ciphertext (and vice versa
for decryption). In particular, this standard specifies the EME2-AES and
the XCB-AES wide-block encryption transforms.

Wide-block encryption can provide better protection than the
narrow-block encryption from IEEE-1619-2007 against attacks that involve
traffic analysis and/or manipulations of ciphertext on the raw storage
media.
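
The difference in how ciphertext manipulation propagates can be seen in the following added example, which is not part of the original message or of the draft standard. It uses a toy 4-round Feistel permutation built from SHAKE-256 as a stand-in for both kinds of transform (it is not EME2-AES, XCB-AES, or the IEEE-1619-2007 transform); the function names, key, sector number and sample sector are all constructed for illustration.

```python
import hashlib

BLOCK, SECTOR = 16, 512  # narrow-block size and sector size, in bytes

def _f(key, tweak, rnd, half):
    # Round function: keyed, tweaked pseudorandom string as long as `half`.
    return hashlib.shake_256(key + tweak + bytes([rnd]) + half).digest(len(half))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_prp(key, tweak, data, decrypt=False):
    """Toy length-preserving 4-round Feistel permutation (assumption: not AES)."""
    h = len(data) // 2
    left, right = data[:h], data[h:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _f(key, tweak, rnd, left)), left
        else:
            left, right = right, _xor(left, _f(key, tweak, rnd, right))
    return left + right

def narrow(key, sector_no, data, decrypt=False):
    # Narrow-block: each 16-byte block is processed independently,
    # under a tweak derived from the sector number and block position.
    out = b""
    for i in range(0, len(data), BLOCK):
        tweak = sector_no.to_bytes(8, "big") + (i // BLOCK).to_bytes(2, "big")
        out += toy_prp(key, tweak, data[i:i + BLOCK], decrypt)
    return out

def wide(key, sector_no, data, decrypt=False):
    # Wide-block: the whole sector is a single block of the permutation.
    return toy_prp(key, sector_no.to_bytes(8, "big"), data, decrypt)

def damaged_blocks(mode, key=b"constructed-key!", sector_no=7):
    """Flip one ciphertext bit; count the 16-byte plaintext blocks that change."""
    plain = bytes(range(256)) * 2           # constructed sample sector
    ct = bytearray(mode(key, sector_no, plain))
    ct[40] ^= 0x01                          # modification on the raw media
    got = mode(key, sector_no, bytes(ct), decrypt=True)
    return sum(plain[i:i + BLOCK] != got[i:i + BLOCK]
               for i in range(0, SECTOR, BLOCK))

if __name__ == "__main__":
    print("narrow:", damaged_blocks(narrow), "of", SECTOR // BLOCK, "blocks changed")
    print("wide:  ", damaged_blocks(wide), "of", SECTOR // BLOCK, "blocks changed")
```

With the narrow mode the modification stays confined to one 16-byte block of the decrypted sector, while with the wide mode every block of the sector changes.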