This Article 
 Bibliographic References 
 Add to: 
XTS: A Mode of AES for Encrypting Hard Disks
May/June 2010 (vol. 8 no. 3)
pp. 68-69
Luther Martin, Voltage Security
The XTS mode of the Advanced Encryption Standard (AES) works within the constraints of hard disks while keeping the security that the AES algorithm provides. It's based on Phil Rogaway's XEX (Xor-Encrypt-Xor) construction and uses ciphertext stealing to handle sectors not containing a number of bytes equal to an integer multiple of the AES block size.

1. IEEE Std. 1619-2007, Cryptographic Protection of Data on Block-Oriented Storage Devices, IEEE, 2008.
2. M. Dworkin, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices, NIST Special Publication 800-38E, US Nat'l Inst. of Standards and Technology, 2010; 800-38Enist-sp-800-38E.pdf.
3. P. Rogaway, "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC," Proc. Asiacrypt 2004, Springer, 2004, pp. 16–31.
4. C. Meyer and S. Matyas, Cryptography: A New Dimension in Computer Data Security, John Wiley & Sons, 1982.
5. M.V. Ball, Follow-Up on NIST's Consideration of XTS-AES, IEEE Security in Storage Working Group, 2009; documents/comments/XTSfollow-up_XTS_comments-Ball.pdf .

Index Terms:
XTS, XEX, AES, Advanced Encryption Standard, cryptography, ciphertext, ciphertext stealing, hard disks, block ciphers, encryption, IEEE 1619-2007, security and privacy
Luther Martin, "XTS: A Mode of AES for Encrypting Hard Disks," IEEE Security & Privacy, vol. 8, no. 3, pp. 68-69, May-June 2010, doi:10.1109/MSP.2010.111
Usage of this product signifies your acceptance of the Terms of Use.