While working on the BitLocker data encryption we realized that no existing algorithm satisfied all the requirements that we had. We resolved this by combining AES-CBC with a specialized diffuser that improves the security against manipulation attacks.
The paper describing all of this in detail finally made it through all the procedural hoops, and is now available for download. The PDF is at
This paper was also distributed as a handout at the rump session of Crypto 2006.
- Niels Ferguson (cryptographer and developer)