LRW Issue
From 2004 to 2006, drafts of the P1619 standards used AES in LRW mode. In the Aug 30, 2006 meeting of the SISWG, a straw poll showed that most members would not approve P1619 "as is". Consequently, LRW-AES was replaced by the XEX-AES tweakable block cipher in P1619.0 Draft 7 (and renamed to XTS-AES in Draft 11). Some members of the group found it non-trivial to abandon LRW, because it had been available for public peer review for many years (unlike most of the newly suggested variants). The issues of LRW were:
- An attacker can derive the LRW tweak key K2 from the ciphertext if the plaintext contains K2||0^n or 0^n||K2. Here || is the concatenation operator and 0^n is a zero block. This may be an issue for software that encrypts the partition of the operating system under which the encryption software itself is running. The operating system could write the LRW tweak key to an encrypted swap/hibernation file.
- If the tweak key K2 is known, LRW no longer offers indistinguishability under chosen-plaintext attack (IND-CPA), and the same input block permutation attacks as in ECB mode become possible. A leak of the tweak key does not have an impact on the confidentiality of the plaintext.
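
The first issue can be reproduced in a few lines. The following is an added example, not part of the original page: it implements the LRW construction C = E_K1(P xor X) xor X with X = K2 * I in GF(2^128), and shows that the XOR of two adjacent ciphertext blocks equals K2 when the plaintext pair is K2||0^n or 0^n||K2. Assumptions: a toy Feistel permutation stands in for AES, bit i of an integer is the coefficient of x^i, the pair starts at an even block index under that convention, and all function names and key values are constructed for illustration.

```python
import hashlib

MASK128 = (1 << 128) - 1

def gf_mul(a, b):
    """Multiply in GF(2^128) mod x^128 + x^7 + x^2 + x + 1.
    Assumed convention: bit i of an int is the coefficient of x^i."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a = (a & MASK128) ^ 0x87
    return r

def toy_prp(k1, block):
    """Stand-in for AES under key K1: 8-round Feistel with SHA-256 rounds."""
    left, right = block >> 64, block & (2**64 - 1)
    for rnd in range(8):
        data = k1 + bytes([rnd]) + right.to_bytes(8, "big")
        f = int.from_bytes(hashlib.sha256(data).digest()[:8], "big")
        left, right = right, left ^ f
    return (left << 64) | right

def lrw_encrypt_block(k1, k2, index, plain):
    """LRW: C = E_K1(P xor X) xor X, with X = K2 * I in GF(2^128)."""
    x = gf_mul(k2, index)
    return toy_prp(k1, plain ^ x) ^ x

def xor_of_adjacent_ciphertexts(k1, k2, index, pair):
    """Encrypt two adjacent plaintext blocks and XOR the ciphertexts.
    This XOR needs no key: anyone holding the ciphertext can compute it."""
    c_a = lrw_encrypt_block(k1, k2, index, pair[0])
    c_b = lrw_encrypt_block(k1, k2, index + 1, pair[1])
    return c_a ^ c_b

if __name__ == "__main__":
    k1 = bytes(range(16))                      # constructed cipher key
    k2 = 0x0123456789ABCDEF0FEDCBA987654321    # constructed tweak key
    # Pair starting at an even index: I + 1 == I xor 1, so X' = X xor K2,
    # both cipher inputs coincide and the ciphertext XOR is exactly K2.
    for pair in ((k2, 0), (0, k2)):            # K2||0^n and 0^n||K2
        print(xor_of_adjacent_ciphertexts(k1, k2, 0x1000, pair) == k2)
    # Pair starting at an odd index: the relation does not hold.
    print(xor_of_adjacent_ciphertexts(k1, k2, 0x1001, (k2, 0)) == k2)
```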