NIST approves an additional mode for using encryption standard
- By William Jackson
- Jan 28, 2010
An additional mode of operation for using the Advanced Encryption Standard to secure data stored on government systems has been approved by the National Institute of Standards and Technology.
The XTS-AES standard was developed by the Institute of Electrical and Electronics Engineers as IEEE Std. 1619-2007. NIST has approved this standard as specified for government use, with one additional requirement on the lengths of data units.
Cryptographic showdown, round 2
NIST upgrades guidelines for cryptographic key management
The NIST approval comes in Special Publication 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, the fifth in a series of recommendations regarding modes of operation of symmetric key block ciphers. Part A of the series covers methods and techniques; B, the CMAC mode for authentication of data; C, the CCM Mode for authentication and confidentiality; and D, the Galois/Counter Mode.
The XTS-AES mode specified in part E is intended for securing data in storage only -- not data in transit -- and does not provide authentication of either the data or its source.
XTS refers to XEX Tweakable Block Cipher with Ciphertext Stealing. Ciphertext stealing is a method for extending the domain of possible input data strings. Specifically, it allows the encryption of a final block sequence in a data string that is not completely filled with 128 bits. The additional requirement made by NIST in approving the XTS-AES mode is to limit the length of the data unit being encrypted to 2-to-the-20th power AES blocks. This limit is recommended in the IEEE standard, but is not required.
William Jackson is freelance writer and the author of the CyberEye blog.