CWC mode
From HandWiki
Short description: Authenticated encryption mode for block ciphers
In cryptography, CWC Mode (Carter–Wegman + CTR mode) is an AEAD block cipher mode of operation that provides both encryption and built-in message integrity, similar to CCM and OCB modes. It combines the use of CTR mode with a 128-bit block cipher for encryption with an efficient polynomial Carter–Wegman MAC with a tag length of at most 128 bits and is designed by Tadayoshi Kohno, John Viega and Doug Whiting.[1]
CWC mode was submitted to NIST[2] for standardization, but NIST opted for the similar GCM mode instead.[3]
Although GCM has weaknesses compared to CWC,[4] the GCM authors successfully argued for GCM.[5]
CWC allows the payload and associated data to be at most 232 - 1 blocks or nearly 550 GB.[1]
References
- ↑ 1.0 1.1 Kohno, Tadayoshi; Viega, John; Whiting, Doug (2004). "CWC: A High-Performance Conventional Authenticated Encryption Mode". Fast Software Encryption. Lecture Notes in Computer Science. 3017. pp. 408–426. doi:10.1007/978-3-540-25937-4_26. ISBN 9783540259374. https://link.springer.com/chapter/10.1007/978-3-540-25937-4_26.
- ↑ "NIST.gov - Computer Security Division - Computer Security Resource Center". August 30, 2017. http://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html.
- ↑ "Modes Development - Block Cipher Techniques | CSRC | CSRC". 4 January 2017. https://csrc.nist.gov/projects/block-cipher-techniques/bcm/modes-development.
- ↑ "Authentication weaknesses in GCM". 2005-05-20. https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/cwc-gcm/ferguson2.pdf.
- ↑ "GCM Update". May 31, 2005. https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/Comments/CWC-GCM/gcm-update.pdf.
External links
- CWC mode home page
- CWC: A high-performance conventional authenticated encryption mode on Cryptology ePrint
- Implementation of CWC on top of AES.
 |  |
