Data encryption on storage devices is achieved by the application of a suitable cipher mode. Many commonly used cipher modes require an initialization vector (IV). An IV is not secret, yet it must not be reused with the same encryption key in order to preserve confidentiality. A storage device can generate and store a unique IV alongside each encrypted block; however, this capability is not commonly available in mass market implementations. Instead, encrypted storage devices commonly use cipher modes that don’t require an IV, e.g., XTS. However, these have well-known vulnerabilities. This disclosure presents techniques that deterministically derive IVs for block encryption such that they are not stored, yet preserve the property of never being reused.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.