Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Full Disk Encryption: Bridging Theory and Practice



Louiza Khati, Nicky Mouha, Damien Vergnaud


We revisit the problem of Full Disk Encryption (FDE), which refers to the encryption of each sector of a disk volume. In the context of FDE, it is assumed that there is no space to store additional data, such as an IV (Initialization Vector) or a MAC (Message Authentication Code) value. We formally define the security notions in this model against chosen-plaintext and chosen-ciphertext attacks. Then, we classify various FDE modes of operation according to their security in this setting, in the presence of various restrictions on the queries of the adversary. We will find that our approach leads to new insights for both theory and practice. Moreover, we introduce the notion of a diversifier, which does not require additional storage, but allows the plaintext of a particular sector to be encrypted to different ciphertexts. We show how a 2-bit diversifier can be implemented in the EagleTree simulator for solid state drives (SSDs), while decreasing the total number of Input/Output Operations Per Second (IOPS) by only 4%.
Conference Dates
February 14-17, 2017
Conference Location
San Francisco, CA, US
Conference Title
CT-RSA 2017 - RSA Conference Cryptographers' Track


disk encryption theory, full disk encryption, FDE, XTS, IEEE P1619, unique first block, diversifier, provable security


Khati, L. , Mouha, N. and Vergnaud, D. (2017), Full Disk Encryption: Bridging Theory and Practice, CT-RSA 2017 - RSA Conference Cryptographers' Track, San Francisco, CA, US, [online],, (Accessed June 13, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created February 2, 2017, Updated October 12, 2021