{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T13:00:12Z","timestamp":1765976412686},"reference-count":38,"publisher":"American Institute of Mathematical Sciences (AIMS)","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["AMC"],"published-print":{"date-parts":[[2022]]},"abstract":"<p style='text-indent:20px;'>This work introduces ${\\sf {FAST}}$ which is a new family of tweakable enciphering schemes. Several instantiations of ${\\sf {FAST}}$ are described. These are targeted towards two goals, the specific task of disk encryption and a more general scheme suitable for a wide variety of practical applications. A major contribution of this work is to present detailed and careful software implementations of all of these instantiations. For disk encryption, the results from the implementations show that ${\\sf {FAST}}$ compares very favourably to the IEEE disk encryption standards XCB and EME2 as well as the more recent proposal AEZ. ${\\sf {FAST}}$ is built using a fixed input length pseudo-random function and an appropriate hash function. It uses a single-block key, is parallelisable and can be instantiated using only the encryption function of a block cipher. The hash function can be instantiated using either the Horner's rule based usual polynomial hashing or hashing based on the more efficient Bernstein-Rabin-Winograd polynomials. Security of ${\\sf {FAST}}$ has been rigorously analysed using the standard provable security approach and concrete security bounds have been derived. Based on our implementation results, we put forward ${\\sf {FAST}}$ as a serious candidate for standardisation and deployment.<\/p><\/jats:p>","DOI":"10.3934\/amc.2020108","type":"journal-article","created":{"date-parts":[[2020,9,18]],"date-time":"2020-09-18T09:39:46Z","timestamp":1600421986000},"page":"185","source":"Crossref","is-referenced-by-count":3,"title":["${\\sf {FAST}}$: Disk encryption and beyond"],"prefix":"10.3934","volume":"16","author":[{"given":"Debrup","family":"Chakraborty","sequence":"first","affiliation":[]},{"given":"Sebati","family":"Ghosh","sequence":"additional","affiliation":[]},{"given":"Cuauhtemoc Mancillas","family":"L\u00f3pez","sequence":"additional","affiliation":[]},{"given":"Palash","family":"Sarkar","sequence":"additional","affiliation":[]}],"member":"2321","reference":[{"key":"key-10.3934\/amc.2020108-1","unstructured":"Public comments on the XTS-AES mode, http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/BCM\/documents\/comments\/XTS\/collected_XTS_comments.pdf<\/a>."},{"key":"key-10.3934\/amc.2020108-2","unstructured":"IEEE Std 1619-2007: Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices, IEEE Computer Society, 2008. Available at: http:\/\/standards.ieee.org\/findstds\/standard\/1619-2007.html<\/a>."},{"key":"key-10.3934\/amc.2020108-3","unstructured":"IEEE Std 1619.2-2010: IEEE Standard for Wide-block Encryption for Shared Storage Media, March 2011. Available at: http:\/\/standards.ieee.org\/findstds\/standard\/1619.2-2010.html<\/a>."},{"key":"key-10.3934\/amc.2020108-4","doi-asserted-by":"publisher","unstructured":"M. Bellare, D. Cash and S. Keelveedhi, Ciphers that securely encipher their own keys, in (eds. Y. Chen, G. Danezis and V. Shmatikov) Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, October 17-21, 2011<\/i>, 2011,423\u2013432.","DOI":"10.1145\/2046707.2046757"},{"key":"key-10.3934\/amc.2020108-5","doi-asserted-by":"publisher","unstructured":"M. Bellare, A. Desai, E. Jokipii and P. Rogaway, A concrete security treatment of symmetric encryption, in 38th Annual Symposium on Foundations of Computer Science, FOCS '97, Miami Beach, Florida, USA, October 19-22, 1997<\/i>, IEEE Computer Society, 1997,394\u2013403.","DOI":"10.1109\/SFCS.1997.646128"},{"key":"key-10.3934\/amc.2020108-6","unstructured":"D. J. Bernstein, Polynomial evaluation and message authentication, 2007. Available at: http:\/\/cr.yp.to\/papers.html#pema<\/a>."},{"key":"key-10.3934\/amc.2020108-7","doi-asserted-by":"publisher","unstructured":"R. Bhaumik and M. Nandi, An inverse-free single-keyed tweakable enciphering scheme, in (eds. T. Iwata and J. H. Cheon) Advances in Cryptology - ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29 - December 3, 2015, Proceedings, Part II<\/i>, Lecture Notes in Computer Science, 9453, Springer, 2015,159\u2013180.","DOI":"10.1007\/978-3-662-48800-3_7"},{"key":"key-10.3934\/amc.2020108-8","doi-asserted-by":"crossref","unstructured":"D. Chakraborty, S. Ghosh and P. Sarkar, A fast single-key two-level universal hash function, IACR Trans. Symmetric Cryptol.<\/i>, 2017<\/b> (2017), 106\u2013128.","DOI":"10.46586\/tosc.v2017.i1.106-128"},{"key":"key-10.3934\/amc.2020108-9","doi-asserted-by":"publisher","unstructured":"D. Chakraborty, V. Hernandez-Jimenez, P. Sarkar.Another look at XCB, Cryptography and Communications<\/i>, 7<\/b> (2015), 439-468.","DOI":"10.1007\/s12095-015-0127-8"},{"key":"key-10.3934\/amc.2020108-10","doi-asserted-by":"publisher","unstructured":"D. Chakraborty, C. Mancillas-L\u00f3pez, F. Rodr\u00edguez-Henr\u00edquez and P. Sarkar, Efficient hardware implementations of BRW polynomials and tweakable enciphering schemes, IEEE Trans. Computers<\/i>, 62<\/b> (2013), 279\u2013294.","DOI":"10.1109\/TC.2011.227"},{"key":"key-10.3934\/amc.2020108-11","doi-asserted-by":"publisher","unstructured":"D. Chakraborty, C. Mancillas-L\u00f3pez and P. Sarkar, STES: A stream cipher based low cost scheme for securing stored data, IEEE Trans. Computers<\/i>, 64<\/b> (2015), 2691\u20132707.","DOI":"10.1109\/TC.2014.2366739"},{"key":"key-10.3934\/amc.2020108-12","doi-asserted-by":"publisher","unstructured":"D. Chakraborty and M. Nandi, An improved security bound for HCTR, in (eds. K. Nyberg) Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers<\/i>, Lecture Notes in Computer Science, 5086, Springer, 2008,289\u2013302.","DOI":"10.1007\/978-3-540-71039-4_18"},{"key":"key-10.3934\/amc.2020108-13","doi-asserted-by":"publisher","unstructured":"D. Chakraborty and P. Sarkar, A new mode of encryption providing a tweakable strong pseudo-random permutation, in (eds. M. J. B. Robshaw) FSE<\/i>, Lecture Notes in Computer Science, 4047, Springer, 2006,293\u2013309.","DOI":"10.1007\/11799313_19"},{"key":"key-10.3934\/amc.2020108-14","doi-asserted-by":"publisher","unstructured":"D. Chakraborty, P. Sarkar.HCH: A new tweakable enciphering scheme using the hash-counter-hash approach, IEEE Transactions on Information Theory<\/i>, 54<\/b> (2008), 1683-1699.","DOI":"10.1109\/TIT.2008.917623"},{"key":"key-10.3934\/amc.2020108-15","doi-asserted-by":"publisher","unstructured":"D. Chakraborty, P. Sarkar.On modes of operations of a block cipher for authentication and authenticated encryption, Cryptography and Communications<\/i>, 8<\/b> (2016), 455-511.","DOI":"10.1007\/s12095-015-0153-6"},{"key":"key-10.3934\/amc.2020108-16","doi-asserted-by":"crossref","unstructured":"P. Crowley and E. Biggers, Adiantum: Length-preserving encryption for entry-level processors, IACR Trans. Symmetric Cryptol.<\/i>, 2018<\/b> (2018), 39\u201361.","DOI":"10.46586\/tosc.v2018.i4.39-61"},{"key":"key-10.3934\/amc.2020108-17","doi-asserted-by":"crossref","unstructured":"M. J. Dworkin, SP 800-38E. Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices<\/i>, Technical report, Gaithersburg, MD, United States, 2010.","DOI":"10.6028\/NIST.SP.800-38e"},{"key":"key-10.3934\/amc.2020108-18","doi-asserted-by":"publisher","unstructured":"S. Gueron, M. E. Kounavis.Efficient implementation of the galois counter mode using a carry-less multiplier and a fast reduction algorithm, Inf. Process. Lett.<\/i>, 110<\/b> (2010), 549-553.","DOI":"10.1016\/j.ipl.2010.04.011"},{"key":"key-10.3934\/amc.2020108-19","doi-asserted-by":"publisher","unstructured":"S. Gueron, A. Langley and Y. Lindell, AES-GCM-SIV: Specification and analysis, IACR Cryptology ePrint Archive<\/i>, 168<\/b> (2017).","DOI":"10.1007\/978-3-319-52153-4"},{"key":"key-10.3934\/amc.2020108-20","doi-asserted-by":"publisher","unstructured":"S. Halevi, EME$^{ * }$: Extending EME to handle arbitrary-length messages with associated data, in (eds. A. Canteaut and K. Viswanathan) INDOCRYPT<\/i>, Lecture Notes in Computer Science, 3348, Springer 2004,315\u2013327.","DOI":"10.1007\/978-3-540-30556-9_25"},{"key":"key-10.3934\/amc.2020108-21","doi-asserted-by":"publisher","unstructured":"S. Halevi, Invertible universal hashing and the TET encryption mode, in (eds. A. Menezes) CRYPTO<\/i>, Lecture Notes in Computer Science, 4622, Springer, (2007), pages 412\u2013429.","DOI":"10.1007\/978-3-540-74143-5_23"},{"key":"key-10.3934\/amc.2020108-22","doi-asserted-by":"publisher","unstructured":"S. Halevi and H. Krawczyk, Security under key-dependent inputs, in (eds. P. Ning, S. De Capitani di Vimercati, and P. F. Syverson) Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007<\/i>, 2007,466\u2013475.","DOI":"10.1007\/11935308"},{"key":"key-10.3934\/amc.2020108-23","doi-asserted-by":"publisher","unstructured":"S. Halevi and P. Rogaway, A tweakable enciphering mode, in (eds. D. Boneh) CRYPTO<\/i>, Lecture Notes in Computer Science, 2729, Springer, 2003,482\u2013499.","DOI":"10.1007\/978-3-540-45146-4_28"},{"key":"key-10.3934\/amc.2020108-24","doi-asserted-by":"publisher","unstructured":"S. Halevi and P. Rogaway, A parallelizable enciphering mode, in (eds. T. Okamoto) CT-RSA<\/i>, Lecture Notes in Computer Science, 2964, Springer, 2004,292\u2013304.","DOI":"10.1007\/978-3-540-24660-2_23"},{"key":"key-10.3934\/amc.2020108-25","doi-asserted-by":"publisher","unstructured":"V. T. Hoang, T. Krovetz and P. Rogaway, Robust authenticated-encryption AEZ and the problem that it solves, in (eds. E. Oswald and M. Fischlin) Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I<\/i>, Lecture Notes in Computer Science, 9056, Springer, 2015, 15\u201344.","DOI":"10.1007\/978-3-662-46800-5_2"},{"key":"key-10.3934\/amc.2020108-26","doi-asserted-by":"publisher","unstructured":"M. Liskov, R. L. Rivest and D. Wagner, Tweakable block ciphers, in (eds. M. Yung) CRYPTO<\/i>, Lecture Notes in Computer Science, 2442, Springer, 2002, 31\u201346.","DOI":"10.1007\/3-540-45708-9_3"},{"key":"key-10.3934\/amc.2020108-27","unstructured":"D. A. McGrew and S. R. Fluhrer, The extended codebook (XCB) mode of operation, Cryptology ePrint Archive<\/i>, Report 2004\/278, 2004, Available at: http:\/\/eprint.iacr.org\/<\/a>."},{"key":"key-10.3934\/amc.2020108-28","doi-asserted-by":"publisher","unstructured":"D. A. McGrew and S. R. Fluhrer, The security of the extended codebook (xcb) mode of operation, in (eds. C. M. Adams, A. Miri, and M. J. Wiener) Selected Areas in Cryptography<\/i>, Lecture Notes in Computer Science, 4876, Springer, 2007,311\u2013327.","DOI":"10.1007\/978-3-540-77360-3_20"},{"key":"key-10.3934\/amc.2020108-29","unstructured":"D. A. McGrew and J. Viega, Arbitrary block length mode, 2004."},{"key":"key-10.3934\/amc.2020108-30","doi-asserted-by":"publisher","unstructured":"K. Minematsu, Parallelizable rate-1 authenticated encryption from pseudorandom functions, in (eds. P. Q. Nguyen and E. Oswald) Advances in Cryptology - EUROCRYPT 2014 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings<\/i>, Lecture Notes in Computer Science, 8441, Springer, 2014,275\u2013292.","DOI":"10.1007\/978-3-642-55220-5_16"},{"key":"key-10.3934\/amc.2020108-31","doi-asserted-by":"publisher","unstructured":"M. Naor, O. Reingold.On the construction of pseudorandom permutations: Luby-Rackoff revisited, J. Cryptology<\/i>, 12<\/b> (1999), 29-66.","DOI":"10.1007\/PL00003817"},{"key":"key-10.3934\/amc.2020108-32","doi-asserted-by":"publisher","unstructured":"M. O. Rabin, S. Winograd.Fast evaluation of polynomials by rational preparation, Comm. Pure Appl. Math.<\/i>, 25<\/b> (1972), 433-458.","DOI":"10.1002\/cpa.3160250405"},{"key":"key-10.3934\/amc.2020108-33","doi-asserted-by":"publisher","unstructured":"P. Rogaway, Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC, in (eds. P. J. Lee) ASIACRYPT<\/i>, Lecture Notes in Computer Science, 3329, Springer, 2004, 16\u201331.","DOI":"10.1007\/978-3-540-30539-2_2"},{"key":"key-10.3934\/amc.2020108-34","doi-asserted-by":"publisher","unstructured":"P. Rogaway and T. Shrimpton, A provable-security treatment of the key-wrap problem, in (eds. Serge Vaudenay) EUROCRYPT<\/i>, Lecture Notes in Computer Science, 4004, Springer, 2006,373\u2013390.","DOI":"10.1007\/11761679_23"},{"key":"key-10.3934\/amc.2020108-35","doi-asserted-by":"publisher","unstructured":"P. Sarkar.A general mixing strategy for the ECB-Mix-ECB mode of operation, Inf. Process. Lett.<\/i>, 109<\/b> (2008), 121-123.","DOI":"10.1016\/j.ipl.2008.09.012"},{"key":"key-10.3934\/amc.2020108-36","doi-asserted-by":"publisher","unstructured":"P. Sarkar.Efficient tweakable enciphering schemes from (block-wise) universal hash functions, IEEE Transactions on Information Theory<\/i>, 55<\/b> (2009), 4749-4759.","DOI":"10.1109\/TIT.2009.2027487"},{"key":"key-10.3934\/amc.2020108-37","doi-asserted-by":"publisher","unstructured":"P. Sarkar.Tweakable enciphering schemes using only the encryption function of a block cipher, Inf. Process. Lett.<\/i>, 111<\/b> (2011), 945-955.","DOI":"10.1016\/j.ipl.2011.06.014"},{"key":"key-10.3934\/amc.2020108-38","doi-asserted-by":"publisher","unstructured":"P. Wang, D. Feng and W. Wu, HCTR: A variable-input-length enciphering mode, in (eds. D. Feng, D. Lin, and M. Yung) CISC<\/i>, Lecture Notes in Computer Science, 3822, Springer, 2005,175\u2013188.","DOI":"10.1007\/11599548_15"}],"container-title":["Advances in Mathematics of Communications"],"original-title":[],"link":[{"URL":"https:\/\/www.aimsciences.org\/article\/exportPdf?id=ac2cbcad-a848-4d90-9c63-981709c4f988","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,30]],"date-time":"2021-12-30T11:44:07Z","timestamp":1640864647000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.aimsciences.org\/article\/doi\/10.3934\/amc.2020108"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"references-count":38,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022]]}},"alternative-id":["1930-5346_2022_1_185"],"URL":"https:\/\/doi.org\/10.3934\/amc.2020108","relation":{},"ISSN":["1930-5346","1930-5338"],"issn-type":[{"value":"1930-5346","type":"print"},{"value":"1930-5338","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]}}}