The xorâencryptâxor (XEX) is a (tweakable) mode of operation of a block cipher. In tweaked-codebook mode with ciphertext stealing ( XTS mode), it is one of the more popular modes of operation for whole-disk encryption. XEX is also a common form of key whitening, and part of some smart card proposals. [1] [2]
In 1984, to protect DES against exhaustive search attacks, Ron Rivest proposed DESX: XOR a pre- whitening key to the plaintext, encrypt the result with DES using a secret key, and then XOR a postwhitening key to the encrypted result to produce the final ciphertext. [3]
In 1991, motivated by Rivest's DESX construction, Even and Mansour proposed a much simpler scheme (the "two-key EvenâMansour scheme"), which they suggested was perhaps the simplest possible block cipher: XOR the plaintext with a prewhitening key, apply a publicly known unkeyed permutation (in practice, a pseudorandom permutation) to the result, and then XOR a postwhitening key to the permuted result to produce the final ciphertext. [3] [4]
Studying simple EvenâMansour style block ciphers gives insight into the security of Feistel ciphers (DES-like ciphers) and helps understand block cipher design in general. [5]
Orr Dunkelman, Nathan Keller, and Adi Shamir later proved it was possible to simplify the EvenâMansour scheme even further and still retain the same provable security, producing the "single-key EvenâMansour scheme": XOR the plaintext with the key, apply a publicly known unkeyed permutation to the result, and then XOR the same key to the permuted result to produce the final ciphertext. [3] [6]
In 2004, Rogaway presented the XEX scheme with key and location-dependent "tweaks": [7]
Rogaway used XEX to allow efficient processing of consecutive blocks (with respect to the cipher used) within one data unit (e.g., a disk sector) for whole-disk encryption. [7]
Many whole-disk encryption systems â BestCrypt, dm-crypt, FreeOTFE, TrueCrypt, DiskCryptor, FreeBSD's geli, OpenBSD softraid disk encryption software, and Mac OS X Lion's FileVault 2 â support XEX-based tweaked-codebook mode with ciphertext stealing ( XTS mode).
The xorâencryptâxor (XEX) is a (tweakable) mode of operation of a block cipher. In tweaked-codebook mode with ciphertext stealing ( XTS mode), it is one of the more popular modes of operation for whole-disk encryption. XEX is also a common form of key whitening, and part of some smart card proposals. [1] [2]
In 1984, to protect DES against exhaustive search attacks, Ron Rivest proposed DESX: XOR a pre- whitening key to the plaintext, encrypt the result with DES using a secret key, and then XOR a postwhitening key to the encrypted result to produce the final ciphertext. [3]
In 1991, motivated by Rivest's DESX construction, Even and Mansour proposed a much simpler scheme (the "two-key EvenâMansour scheme"), which they suggested was perhaps the simplest possible block cipher: XOR the plaintext with a prewhitening key, apply a publicly known unkeyed permutation (in practice, a pseudorandom permutation) to the result, and then XOR a postwhitening key to the permuted result to produce the final ciphertext. [3] [4]
Studying simple EvenâMansour style block ciphers gives insight into the security of Feistel ciphers (DES-like ciphers) and helps understand block cipher design in general. [5]
Orr Dunkelman, Nathan Keller, and Adi Shamir later proved it was possible to simplify the EvenâMansour scheme even further and still retain the same provable security, producing the "single-key EvenâMansour scheme": XOR the plaintext with the key, apply a publicly known unkeyed permutation to the result, and then XOR the same key to the permuted result to produce the final ciphertext. [3] [6]
In 2004, Rogaway presented the XEX scheme with key and location-dependent "tweaks": [7]
Rogaway used XEX to allow efficient processing of consecutive blocks (with respect to the cipher used) within one data unit (e.g., a disk sector) for whole-disk encryption. [7]
Many whole-disk encryption systems â BestCrypt, dm-crypt, FreeOTFE, TrueCrypt, DiskCryptor, FreeBSD's geli, OpenBSD softraid disk encryption software, and Mac OS X Lion's FileVault 2 â support XEX-based tweaked-codebook mode with ciphertext stealing ( XTS mode).