Beginner's Tutorial

System Encryption

 Supported Systems

 Hidden Operating System

 Rescue Disk

Plausible Deniability

 Hidden Volume

  Protection of Hidden Vol.

  Security Requirements

 Hidden Operating System



Hardware Acceleration

Encryption Algorithms





Hash Algorithms




Technical Details


 Encryption Scheme

 Modes of Operation

 Header Key Derivation

 Random Number Gen.


 Volume Format Spec.

 Standards Compliance

 Source Code

TrueCrypt Volume

 Creating New Volumes

 Favorite Volumes

 System Favorite Volumes

Main Program Window

 Program Menu

 Mounting Volumes

Supported Systems

Portable Mode


Tokens & Smart Cards

Language Packs

Hot Keys

Security Model

Security Requirements

 Data Leaks

  Paging File

  Hibernation File

  Memory Dump Files

 Unencrypted Data in RAM

 Physical Security


 Multi-User Environment

 Authenticity and Integrity

 New Passwords & Keyfiles

 Password/Keyfile Change

 Trim Operation


 Reallocated Sectors


 Journaling File Systems

 Volume Clones

 Additional Requirements

Command Line Usage

Backing Up Securely


 Use Without Admin Rights

 Sharing over Network

 Background Task

 Removable Medium Vol.

 TrueCrypt System Files

 Removing Encryption

 Uninstalling TrueCrypt

 Digital Signatures



Issues and Limitations


Future Development


Version History



Technical Details >  Modes of Operation Search


Please consider making a donation.

   Donate Now >> Donate   

Modes of Operation

The mode of operation used by TrueCrypt for encrypted partitions, drives, and virtual volumes is XTS.

XTS mode is in fact XEX mode [12], which was designed by Phillip Rogaway in 2003, with a minor modification (XEX mode uses a single key for two different purposes, whereas XTS mode uses two independent keys).

In 2010, XTS mode was approved by NIST for protecting the confidentiality of data on storage devices [24]. In 2007, it was also approved by the IEEE for cryptographic protection of data on block-oriented storage devices (IEEE 1619).

Description of XTS mode:

Ci = EK1(Pi ^ (EK2(n) Multiplication ai)) ^ (EK2(n) Multiplication ai)


Multiplication   denotes multiplication of two polynomials over the binary field GF(2) modulo x128+x7+x2+x+1


is the encryption key (256-bit for each supported cipher; i.e, AES, Serpent, and Twofish)


is the secondary key (256-bit for each supported cipher; i.e, AES, Serpent, and Twofish)


is the cipher block index within a data unit;   for the first cipher block within a data unit, i = 0


is the data unit index within the scope of K1;   for the first data unit, n = 0


is a primitive element of GF(2128) chosen as the polynomial x (i.e., 2)

Note: The remaining symbols are defined in the section Notation.

The size of each data unit is always 512 bytes (regardless of the sector size).

For further information pertaining to XTS mode, see e.g. [12] and [24].

 Ads by Google 

  Next Section >>

Legal Notices

 Ads by Google