
XCB-32-AES for wide-block encryption




Jim,
I'd like to submit to the attention of the group a proposal for wide block
encryption based on Extended Codebook (XCB), an algorithm for malleable
encryption designed by David McGrew and Scott Fluhrer.

We think that the proposal has significant advantages in terms of
complexity with regard to EME and ABL, and we would like the group to
consider this approach for wide-block encryption. XCB is patented by the
authors, but the Cisco legal office is willing to release to IEEE a
"reasonable/non-discriminatory" letter.

Could you please schedule some time in the agenda for a discussion on XCB?

Please find enclosed the original XCB paper, which was submitted
yesterday to the IACR ePrint archive, and a possible draft document for
XCB-32-AES that shows how it could be used for wide-block encryption (I've
unabashedly lifted most of the sections from Shai's and Clement's documents for
the latter).

Thanks in advance,
Fabio




>Date: Mon, 25 Oct 2004 15:42:58 -0700
>To: Jim Hughes <jim@network.com>, Shai Halevi <shaih@alum.mit.edu>,
>"Clement Kent" <C.Kent@Kastenchase.com>
>From: Fabio Maino <fmaino@cisco.com>
>Subject: XCB for malleable encryption
>Cc: David A McGrew <mcgrew@cisco.com>
>
>Jim, Shai, and Clement,
>enclosed are a few documents that I'd like to bring to the attention of the
>group, but I wanted to give you a chance to have a look at them before
>sending them to a wider audience.
>
>While David was working with the ABL proof, he discussed the problem of
>malleable encryption with Scott Fluhrer, another Cisco employee. They came
>up with an original approach to malleable encryption that they
>later refined and called XCB (Extended Codebook). XCB seems to have
>advantages in terms of complexity over both EME and ABL. The enclosed
>document, which was submitted today to the IACR ePrint archive, gives
>a sketch proof of its security.
>
>The position of the Cisco legal office is that Cisco will release to IEEE
>a "reasonable/non-discriminatory" letter for XCB (that is NOT in the
>public domain), but we believe that it's nevertheless worthy of being
>considered by the group on the basis of its technical content.
>
>To allow a better comparison with EME I've re-mapped the EME draft onto an
>XCB draft (I have done a lot of cut and paste from Shai's and Clement's docs),
>which is enclosed and which I would like to submit tomorrow to the attention
>of the group (it has just been completed; I need to read it again a couple
>of times first).
>
>C-code is part of the XCB-32-AES doc, while test vectors are in appendix A
>of the XCB mode paper.
>
>Please let me know your comments, if any.
>
>Thanks,
>Fabio
>
>
>

xcb-mode-041.pdf

XCB-32-AES.doc