Jump to content

CWC mode

From Wikipedia, the free encyclopedia

In cryptography, CWC Mode (Carter–Wegman + CTR mode) is an AEAD block cipher mode of operation that provides both encryption and built-in message integrity, similar to CCM and OCB modes. It combines the use of CTR mode with a 128-bit block cipher for encryption with an efficient polynomial Carter–Wegman MAC with a tag length of at most 128 bits and is designed by Tadayoshi Kohno, John Viega and Doug Whiting.[1]

CWC mode was submitted to NIST[2] for standardization, but NIST opted for the similar GCM mode instead.[3]

Although GCM has weaknesses compared to CWC,[4] the GCM authors successfully argued for GCM.[5]

CWC allows the payload and associated data to be at most 232 - 1 blocks or nearly 550 GB.[1]

References

[edit]
  1. ^ a b Kohno, Tadayoshi; Viega, John; Whiting, Doug (2004). "CWC: A High-Performance Conventional Authenticated Encryption Mode". Fast Software Encryption. Lecture Notes in Computer Science. Vol. 3017. pp. 408–426. doi:10.1007/978-3-540-25937-4_26. ISBN 9783540259374.
  2. ^ "NIST.gov - Computer Security Division - Computer Security Resource Center". August 30, 2017. Archived from the original on 2017-08-30.
  3. ^ "Modes Development - Block Cipher Techniques | CSRC | CSRC". 4 January 2017.
  4. ^ "Authentication weaknesses in GCM" (PDF). 2005-05-20.
  5. ^ "GCM Update" (PDF). May 31, 2005.
[edit]