[Resource Topic] 2001/026: OCB Mode

Welcome to the resource topic for 2001/026

Title:
OCB Mode

Authors: Phillip Rogaway, Mihir Bellare, John Black, Ted Krovetz

Abstract:

This paper was prepared for NIST, which is considering new
block-cipher modes of operation. It describes a parallelizable
mode of operation that simultaneously provides both privacy
and authenticity. “OCB mode” encrypts-and-authenticates
an arbitrary message $M\in\{0,1\}^*$ using only $\lceil |M|/n\rceil + 2$
block-cipher invocations, where $n$ is the block length of the
underlying block cipher. Additional overhead is small.

OCB refines a scheme, IAPM, suggested by Jutla [IACR-2000/39], who
was the first to devise an authenticated-encryption mode with minimal
overhead compared to standard modes. Desirable new properties of
OCB include: very cheap offset calculations; operating on an arbitrary
message $M\in\{0,1\}^*$; producing ciphertexts of minimal length;
using a single underlying cryptographic key; making a nearly optimal number
of block-cipher calls; avoiding the need for a random IV; and rendering it
infeasible for an adversary to find “pretag collisions”. The paper
provides a full proof of security for OCB.

ePrint: https://eprint.iacr.org/2001/026

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.