Toy Practical Cryptanalysis

Theory to Working Demonstrations of Toy XTS

AES-XTS

2 keys, 2 roles
XEX uses 2 AES keys, and XTS formalizes this:

• K1​ for the actual data encryption.
• K2​ for generating the tweak (position-dependent value).

Tweak evolution

• For each block within a sector/file, the tweak is multiplied in the finite field GF(2¹²⁸), rather than just incremented.
• This prevents linear patterns when encrypting consecutive blocks.

XTS cannot support a size indefinitely, the following is a false presumption:

If sector size = 512 bytes: 2¹²⁸×512 ≈ 2¹³⁷ bytes
If sector size = 4096 bytes: 2¹²⁸×4096 ≈ 2¹⁴⁰ bytes

For reference:

• 2⁴⁰ ≈ 1 TB
• 2⁶⁰ ≈ 1 EB (exabyte)
• 2⁸⁰ ≈ 1 yottabyte

2¹³⁷ or 2¹⁴⁰ bytes is so astronomically large that it exceeds any conceivable storage device by many, many orders of magnitude. However, the idea that XTS can support more than 16 TB is fallacious. This is due to birthday paradox and the pattern leaking within the linearity multiplier effect.

Making a toy example of AES-XTS: