DCBC: A distributed high-performance block-cipher mode of operation

Abstract

Since the rise of Big Data, working with large files became the rule and no longer the exception. Despite this fact, some data at-rest encryption modes of operation, namely CBC, are being used even though they do not take into account the heavy cost of running sequential encryption operations over a big volume of data. This led to some attempts that aim to parallelizing such operations either by only chaining isolated subsets of the plaintext, or by using hash functions to reflect any changes made to the plaintext before running parallel encryption operations. However, we noticed that such solutions present some security issues of different levels of severity. In this paper, we propose a Distributed version of CBC, which we refer to as DCBC, that uses an IV generation layer to ensure some level of chaining between multiple CBC encryption operations that run in parallel, while keeping CPA security intact and even adding new operations such as appending data without compromising the encryption mode's security. We will, also, make a theoretical performance comparison between DCBC and CBC under different circumstances to study optimal conditions for running our proposed mode. We show in this comparison that our solution largely outperforms CBC, when it comes to large files.