Abstract

We describe OCB3, the final version of OCB, a blockcipher mode for authenticated encryption (AE). We prove the construction secure, up to the birthday bound, assuming its underlying blockcipher is secure as a strong-PRP. We study the scheme’s software performance, comparing its speed, on multiple platforms, to a variety of other AE schemes. We reflect on the history and development of the mode.

Highlights

  • Schemes for authenticated encryption (AE) symmetrically encrypt a message in a way that ensures both its confidentiality and authenticity

  • A second version, called OCB2 (2004) [18, 38], added support for associated data (AD) [37] and redeveloped the mode using the idea of a tweakable blockcipher [30]

  • The final version of OCB, called OCB3 (2011) [26], corrected some missteps taken with OCB2 and achieved the best performance yet

Read more

Summary

Introduction

Schemes for authenticated encryption (AE) symmetrically encrypt a message in a way that ensures both its confidentiality and authenticity. OCB is a well-known algorithm for achieving this aim. It is a blockcipher mode of operation, the blockcipher usually being AES. A second version, called OCB2 (2004) [18, 38], added support for associated data (AD) [37] and redeveloped the mode using the idea of a tweakable blockcipher [30]. The final version of OCB, called OCB3 (2011) [26], corrected some missteps taken with OCB2 and achieved the best performance yet. It is specified in RFC 7253 [27] and was selected for the CAESAR final portfolio [7]

Objectives
Discussion
Conclusion
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
From Combined to Hybrid: Making Feedback-based AE even Smaller
Avik Chakraborti ... Nilanjan Datta
IACR Transactions on Symmetric Cryptology | VOL. 2020
Avik Chakraborti, et. al.Avik Chakraborti ... Nilanjan Datta
22 Jun 2020
Optimizing Online Permutation-Based AE Schemes for Lightweight Applications
Yu Sasaki ... Kan Yasuda
-
Yu Sasaki, et. al.Yu Sasaki ... Kan Yasuda
01 Jan 2017
Comparative Study of RKC and GCM Mode of Operation
Puneet Kumarkaushal ... Ranjana Singh Rathore
International Journal of Computer Applications | VOL. 52
Puneet Kumarkaushal, et. al.Puneet Kumarkaushal ... Ranjana Singh Rathore
30 Aug 2012
Survey of design and security evaluation of authenticated encryption algorithms in the CAESAR competition
Fan Zhang ... Kui Ren
Frontiers of Information Technology & Electronic Engineering | VOL. 19
Fan Zhang, et. al.Fan Zhang ... Kui Ren
01 Dec 2018
View more papers

More From: Journal of Cryptology

Paper Title
Journal
Date
Author
Zeromorph: Zero-Knowledge Multilinear-Evaluation Proofs from Homomorphic Univariate Commitments
Tohru Kohrita ... Patrick Towa
Journal of Cryptology | VOL. 37
Tohru Kohrita, et. al.Tohru Kohrita ... Patrick Towa
08 Oct 2024
Full Quantum Equivalence of Group Action DLog and CDH, and More
Hart Montgomery ... Mark Zhandry
Journal of Cryptology | VOL. 37
Hart Montgomery, et. al.Hart Montgomery ... Mark Zhandry
08 Oct 2024
Families of Prime-Order Endomorphism-Equipped Embedded Curves on Pairing-Friendly Curves
Antonio Sanso ... Youssef El Housni
Journal of Cryptology | VOL. 37
Antonio Sanso, et. al.Antonio Sanso ... Youssef El Housni
08 Oct 2024
Memory-Efficient Attacks on Small LWE Keys
Andre Esser ... Santanu Sarkar
Journal of Cryptology | VOL. -
Andre Esser, et. al.Andre Esser ... Santanu Sarkar
20 Aug 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.