Login
Login

CWC mode

{{Short description|Authenticated encryption mode for block ciphers}}

{{More citations needed|date=April 2019}}

In cryptography, CWC Mode (Carter–Wegman + CTR mode) is an AEAD block cipher mode of operation that provides both encryption and built-in message integrity, similar to CCM and OCB modes. It combines the use of CTR mode with a 128-bit block cipher for encryption with an efficient polynomial Carter–Wegman MAC with a tag length of at most 128 bits and is designed by Tadayoshi Kohno, John Viega and Doug Whiting.{{cite book | chapter-url=https://link.springer.com/chapter/10.1007/978-3-540-25937-4_26 | doi=10.1007/978-3-540-25937-4_26 | isbn=9783540259374 | series=Lecture Notes in Computer Science | year=2004 | pages=408–426 | last1=Kohno | first1=Tadayoshi | last2=Viega | first2=John | last3=Whiting | first3=Doug | title=Fast Software Encryption | chapter=CWC: A High-Performance Conventional Authenticated Encryption Mode | volume=3017 }}

CWC mode was submitted to NIST{{Cite web |date=August 30, 2017 |title=NIST.gov - Computer Security Division - Computer Security Resource Center |url=http://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html |url-status=dead |archive-url=https://web.archive.org/web/20170830120738/http://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html |archive-date=2017-08-30}} for standardization, but NIST opted for the similar GCM mode instead.{{cite web | url=https://csrc.nist.gov/projects/block-cipher-techniques/bcm/modes-development | title=Modes Development - Block Cipher Techniques | CSRC | CSRC | date=4 January 2017 }}

Although GCM has weaknesses compared to CWC,{{Cite web |date=2005-05-20 |title=Authentication weaknesses in GCM |url=https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/cwc-gcm/ferguson2.pdf}} the GCM authors successfully argued for GCM.{{Cite web |date=May 31, 2005 |title=GCM Update |url=https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/Comments/CWC-GCM/gcm-update.pdf}}

CWC allows the payload and associated data to be at most 232 - 1 blocks or nearly 550 GB.

References

External links

  • [https://web.archive.org/web/20111228025901/http://www.zork.org/cwc/ CWC mode home page]
  • [https://eprint.iacr.org/2003/106 CWC: A high-performance conventional authenticated encryption mode] on Cryptology ePrint
  • [https://web.archive.org/web/20140314190553/http://gladman.plushost.co.uk/oldsite/AES/index.php Implementation of CWC] on top of AES.

{{Cryptography navbox | block | hash}}

Category:Block cipher modes of operation

Category:Authenticated-encryption schemes

{{crypto-stub}}