International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: CWC: A high-performance conventional authenticated encryption mode

Tadayoshi Kohno
John Viega
Doug Whiting
Search ePrint
Search Google
Abstract: We introduce CWC, a new block cipher mode of operation for protecting both the privacy and the authenticity of encapsulated data. CWC is currently the only such mode having all five of the following properties: provable security, parallelizability, high performance in hardware, high performance in software, and no intellectual property concerns. We believe that having all five of these properties makes CWC a powerful tool for use in many performance-critical cryptographic applications. CWC is also the only appropriate solution for some applications; e.g., standardization bodies like the IETF and NIST prefer patent-free modes, and CWC is the only such mode capable of processing data at 10Gbps in hardware, which will be important for future IPsec (and other) network devices. As part of our design, we also introduce a new parallelizable universal hash function optimized for performance in both hardware and software.
  title={CWC: A high-performance conventional authenticated encryption mode},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / modes of operation, authenticated encryption},
  note={ 12433 received 27 May 2003, last revised 15 Jan 2004},
  author={Tadayoshi Kohno and John Viega and Doug Whiting},