Encryption Mode


Although BestCrypt Volume Encryption supports a number of well-known, strong encryption algorithms, it is important to choose the most suitable encryption mode for the algorithms. When choosing a mode, a number of elements should be taken into account, including the strength of the mode against known attacks and the particular application of the algorithms. For example, encrypting tape devices or network connections requires encryption modes that allow byte-by-byte sequences to be encrypted. If BestCrypt must encrypt 512-byte sectors that an operating system reads from a disk at random, it has to use another encryption mode.

BestCrypt Volume Encryption uses XTS encryption mode with all encryption algorithms supported by the software.

The Institute of Electrical and Electronics Engineers (IEEE) has approved XTS mode for the protection of information on block storage devices in the IEEE 1619 standard, released on 19th December, 2007. The IEEE 1619 document states the following about the AES encryption algorithm used as a subroutine in XTS mode:

"XTS-AES is a tweakable block cipher that acts on data units of 128 bits or more and uses the AES block cipher as a subroutine. The key material for XTS-AES consists of a data encryption key (used by the AES block cipher) as well as a "tweak key" that is used to incorporate the logical position of the data block into the encryption. XTS-AES is a concrete instantiation of the class of tweakable block ciphers described in Rogaway article (Phillip Rogaway - author of the mode). The XTS-AES addresses threats such as copy-and-paste attack, while allowing parallelization and pipelining in cipher implementations."

XTS mode uses its own secret key (a "tweak key") that is completely different from the Primary Encryption Key used by the particular encryption algorithm.

For example, if the block size of the AES encryption algorithm is 128 bits, XTS mode requires a 128-bit key. As a result, the effective key length of the XTS mode + AES pair is greater than that of AES alone: while the AES key length is 256 bits, the XTS+AES pair uses a 256 + 128 = 384-bit key.

The size of an XTS key is equal to the block size of the specific encryption algorithm; the IEEE 1619 standard states that it must be 128 bits or more. For this reason, BestCrypt Volume Encryption has relied upon encryption algorithms with block sizes of not less than 128 bits since our second version.
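The role of the tweak key described above can be seen in a minimal XTS construction over 512-byte sectors. This is an added example, not BestCrypt's code: it follows the page's key layout (256-bit data key plus 128-bit tweak key), but a SHA-256 Feistel network stands in for AES so that it runs with the Python standard library alone, and all keys, sector numbers and function names are constructed for illustration.

```python
import hashlib

BLOCK = 16  # 128-bit block size, as for AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (an assumption, NOT AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def _mul_alpha(t):
    # Multiply the tweak by alpha in GF(2^128), little-endian as in IEEE 1619.
    n = int.from_bytes(t, "little") << 1
    n = (n & ((1 << 128) - 1)) ^ (0x87 if n >> 128 else 0)
    return n.to_bytes(BLOCK, "little")

def xts_sector(data_key, tweak_key, sector_no, data, decrypt=False):
    if len(data) % BLOCK:
        raise ValueError("whole blocks only (no ciphertext stealing here)")
    cipher = block_decrypt if decrypt else block_encrypt
    # The tweak key turns the sector's logical position into the first tweak.
    t = block_encrypt(tweak_key, sector_no.to_bytes(BLOCK, "little"))
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        out += _xor(cipher(data_key, _xor(data[off:off + BLOCK], t)), t)
        t = _mul_alpha(t)  # next block position within the sector
    return bytes(out)

def demo():
    data_key = bytes(range(32))          # constructed 256-bit data key
    tweak_key = bytes(range(100, 116))   # constructed 128-bit tweak key
    plain = b"A" * 512                   # constructed 512-byte sector
    c5 = xts_sector(data_key, tweak_key, 5, plain)
    c6 = xts_sector(data_key, tweak_key, 6, plain)
    pasted = xts_sector(data_key, tweak_key, 6, c5, decrypt=True)
    return plain, c5, c6, pasted
```

In `demo()`, identical plaintext encrypts differently in sectors 5 and 6, and ciphertext copied from sector 5 into sector 6 decrypts to unrelated bytes, which is the copy-and-paste protection the IEEE text refers to.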

