OCB
- 1 August 2003
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Information and System Security
- Vol. 6 (3), 365-403
- https://doi.org/10.1145/937527.937529
Abstract
We describe a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. OCB encrypts-and-authenticates a nonempty string M ∈ {0,1}* using ⌈|M|/n⌉ + 2 block-cipher invocations, where n is the block length of the underlying block cipher. Additional overhead is small. OCB refines a scheme, IAPM, suggested by Charanjit Jutla. Desirable properties of OCB include the ability to encrypt a bit string of arbitrary length into a ciphertext of minimal length, cheap offset calculations, cheap key setup, a single underlying cryptographic key, no extended-precision addition, a nearly optimal number of block-cipher calls, and no requirement for a random IV. We prove OCB secure, quantifying the adversary's ability to violate the mode's privacy or authenticity in terms of the quality of its block cipher as a pseudorandom permutation (PRP) or as a strong PRP, respectively.
References
- Encryption Modes with Almost Free Message Integrity. Springer Nature, 2001.
- Does Encryption with Redundancy Provide Authenticity? Springer Nature, 2001.
- The Security of the Cipher Block Chaining Message Authentication Code. Journal of Computer and System Sciences, 2000.
- Nonmalleable Cryptography. SIAM Journal on Computing, 2000.
- Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. Springer Nature, 1998.
- How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal on Computing, 1988.
- Probabilistic Encryption. Journal of Computer and System Sciences, 1984.