New requirements for XTS encryption mode (IEEE 1619 standard)

[Milan Broz <gmazyland@gmail.com>]

[-- Attachment #1.1.1: Type: text/plain, Size: 1178 bytes --]

Hi,

Many disk encryption systems currently utilize AES-XTS encryption, which is the default for LUKS and plain mode in cryptsetup.

A recent draft of the IEEE AES-XTS standard proposed new requirements for XTS implementation, notably the mandatory use of key scopes. Unfortunately, this draft is behind a paywall; even with a paid subscription, IEEE requires additional fees to download it.

These changes will significantly impact LUKS (and likely many other open-source software projects that utilize XTS mode). In light of this, we prepared an independent summarization paper explaining the issues associated with XTS mode.

Our paper is now available under a CC-BY license on Arxiv:
  *XTS Mode Revisited: High Hopes for Key Scopes?*
  https://arxiv.org/abs/2502.18631

I welcome any comments, additional information, or suggestions. The source of the paper is available on my GitHub: https://github.com/mbroz/xts-paper, where you can create issues to share your thoughts.

Thanks,
Milan

[1] P1619/D12, Oct 2024 - IEEE Draft Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices
https://ieeexplore.ieee.org/document/10720727


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 4753 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]