OCB mode

From Wikipedia, the free encyclopedia

OCB mode (Offset Codebook Mode) is a mode of operation for cryptographic block ciphers.

Contents 1 Encryption and authentication 2 Patents 3 Performance 4 See also 5 External links 6 References

[edit] Encryption and authentication

It was designed to provide both authentication and privacy. It is essentially a scheme for integrating a Message Authentication Code (MAC) into the operation of a block cipher. In this way, OCB mode avoids the need to use two systems; a MAC for authentication and a block cipher encryption for privacy. This results in lower computational cost compared to the application of separate encryption and authentication functions.

OCB mode was designed by Phillip Rogaway, who credits Mihir Bellare, John Black, and Ted Krovetz with assistance and comment on the designs. It is based on the authenticated encryption mode IAPM due to Charanjit S. Jutla (see the OCB FAQ for more details).

There are two versions of OCB: 1.0 and 2.0. OCB 2.0 improves on 1.0 by allowing associated data to be included with the message — that is, data that are not encrypted but should be authenticated — and a new method for generating a sequence of offsets. OCB 2.0 was first published in 2003, originally named AEM (Authenticated-Encryption Mode, or Advanced Encryption Mode).

OCB mode is listed as an optional method in the IEEE 802.11 wireless security standard as an alternative to CCM.

[edit] Patents

A patent application is in place for OCB mode. However, a special exemption has been granted so that OCB mode can be used in software licensed under the GNU General Public License without cost, as well as in software not developed and not sold inside the United States [1].

[edit] Performance

OCB performance overhead is minimal comparing to classical, non-authenticating modes like CBC. OCB requires one block cipher encryption per each block of encrypted and authenticated message and one encryption per each block of additional associated data. There are also two extra encryptions required at the end of process.

For comparison, CCM mode offering similar functionality requires twice as many encryptions per each message block (associated data requires one as in OCB).

[edit] See also

• CCM mode
• EAX mode

[edit] External links

• OCB homepage
• OCB FAQ

[edit] References

• Phillip Rogaway, Mihir Bellare, John Black. OCB: A block-cipher mode of operation for efficient authenticated encryption, ACM Transactions on Information and System Security (TISSEC), Volume 6, Issue 3, pp.365-403. August 2003.
• Charanjit S. Jutla, "Encryption Modes with Almost Free Message Integrity", Proc. Eurocrypt 2001, LNCS 2045, May 2001.

v • d • e   Block ciphers Common algorithms: AES | Blowfish | DES | Triple DES | Serpent | Twofish Other algorithms: 3-Way | ABC | Akelarre | Anubis | ARIA | BaseKing | BassOmatic | BATON | BEAR and LION | C2 | Camellia | CAST-128 | CAST-256 | CIKS-1 | CIPHERUNICORN-A | CIPHERUNICORN-E | CLEFIA | CMEA | Cobra | COCONUT98 | Crab | CRYPTON | CS-Cipher | DEAL | DES-X | DFC | E2 | FEAL | FEA-M | FROG | G-DES | GOST | Grand Cru | Hasty Pudding Cipher | Hierocrypt | ICE | IDEA | IDEA NXT | Intel Cascade Cipher | Iraqi | KASUMI | KeeLoq | KHAZAD | Khufu and Khafre | KN-Cipher | Ladder-DES | Libelle | LOKI97 | LOKI89/91 | Lucifer | M6 | M8 | MacGuffin | Madryga | MAGENTA | MARS | Mercy | MESH | MISTY1 | MMB | MULTI2 | MultiSwap | New Data Seal | NewDES | Nimbus | NOEKEON | NUSH | Q | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SAVILLE | SC2000 | SEED | SHACAL | SHARK | Skipjack | SMS4 | Spectr-H64 | Square | SXAL/MBAL | TEA | Treyfer | UES | Xenon | xmx | XTEA | XXTEA | Zodiac Design: Feistel network | Key schedule | Product cipher | S-box | SPN Attacks: Brute force | Linear / Differential / Integral cryptanalysis | Mod n | Related-key | Slide | XSL Standardization: AES process | CRYPTREC | NESSIE Misc: Avalanche effect | Block size | IV | Key size | Modes of operation | Piling-up lemma | Weak key v • d • e   Cryptographic hash functions and Message authentication codes (MACs) Hash algorithms: Gost-Hash | HAS-160 | HAVAL | MDC-2 | MD2 | MD4 | MD5 | N-Hash | RadioGatún | RIPEMD | SHA family | Snefru | Tiger | WHIRLPOOL | crypt(3) DES MAC algorithms: DAA | CBC-MAC | HMAC | OMAC/CMAC | PMAC | UMAC | Poly1305-AES Authenticated encryption modes: CCM | CWC | EAX | GCM | OCB Attacks: Hash collision | Birthday attack | Preimage attack | Rainbow table | Brute force attack Misc: Avalanche effect | Hash collision | Merkle-Damgård construction   Standardization: CRYPTREC | NESSIE v • d • e   Cryptography History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers | Steganography