OCB mode
Offset codebook mode (OCB mode) is an authenticated encryption mode of operation for cryptographic block ciphers. OCB mode was designed by Phillip Rogaway, who credits Mihir Bellare, John Black, and Ted Krovetz with assistance and comments on the designs. It is based on the integrity-aware parallelizable mode (IAPM) of authenticated encryption by Charanjit S. Jutla. The OCB2 version was proven insecure, while the original OCB1 as well as OCB3 from 2011 are still considered secure.
OCB mode was designed to provide both message authentication and privacy. It is essentially a scheme for integrating a message authentication code (MAC) into the operation of a block cipher. In this way, OCB mode avoids the need to use two systems: a MAC for authentication and encryption for confidentiality. This results in lower computational cost compared to using separate encryption and authentication functions.
There are three versions of OCB: OCB1, OCB2 and OCB3. OCB1 was published in 2001. OCB2 improves on OCB1 by allowing associated data to be included with the message, providing authenticated encryption with associated data (AEAD; that is, data that are not encrypted but should be authenticated), and by introducing a new method for generating a sequence of offsets. OCB2 was first published in 2003, originally named authenticated-encryption mode, or advanced encryption mode (AEM), and was shown to be completely insecure in 2019. OCB3, published in 2011, again changes the way offsets are computed and introduces minor performance improvements.
OCB2 was standardized in ISO/IEC 19772:2009 (although it was removed from the standard following the publication of the attack) and a modified OCB3 in RFC 7253. The RFC encodes the tag length into the internally formatted nonce.
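The nonce formatting that RFC 7253 specifies, as an added example that is not part of the original page: the 7-bit tag-length field sits in front of the caller's nonce, so the same nonce used with different tag lengths produces different internal nonces. The function names and the sample nonce are assumptions made for illustration, and this sketch accepts byte-aligned tag lengths only.

```python
# Added example: RFC 7253 internal nonce formatting (no block cipher needed).
# format_nonce / split_nonce are hypothetical names, not a library API.

def format_nonce(n: bytes, taglen_bits: int) -> bytes:
    """Build the 128-bit internal nonce:
    num2str(TAGLEN mod 128, 7) || zeros(120 - bitlen(N)) || 1 || N
    """
    if taglen_bits % 8 or not 8 <= taglen_bits <= 128:
        raise ValueError("tag length must be a multiple of 8 bits, at most 128")
    if len(n) > 15:
        raise ValueError("nonce must be at most 120 bits")
    value = (
        ((taglen_bits % 128) << 121)   # 7-bit tag-length field (128 encodes as 0)
        | (1 << (8 * len(n)))          # single 1 bit marking where N begins
        | int.from_bytes(n, "big")     # caller's nonce in the low-order bits
    )
    return value.to_bytes(16, "big")


def split_nonce(formatted: bytes) -> tuple[bytes, int]:
    """Split the internal nonce the way the RFC does before deriving offsets:
    the low 6 bits ("bottom") become a shift amount, the remaining 122 bits
    padded with six zero bits are what gets enciphered to produce Ktop.
    """
    v = int.from_bytes(formatted, "big")
    bottom = v & 0x3F
    top = (v ^ bottom).to_bytes(16, "big")
    return top, bottom


# Constructed sample input: a 96-bit nonce 00 01 02 ... 0b.
SAMPLE_N = bytes(range(12))

if __name__ == "__main__":
    for taglen in (128, 96, 64):
        formatted = format_nonce(SAMPLE_N, taglen)
        top, bottom = split_nonce(formatted)
        print(f"taglen={taglen:3d} nonce={formatted.hex()} "
              f"top={top.hex()} bottom={bottom}")
```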
OCB performance overhead is minimal compared to classical, non-authenticating modes like cipher block chaining. OCB requires one block cipher operation per block of encrypted and authenticated message, and one block cipher operation per block of associated data. There is also one extra block cipher operation required at the end of the process.
For comparison, CCM mode, which offers similar functionality, requires twice as many block cipher operations per message block (associated data requires one, as in OCB).
While OCB is now public domain, Rogaway initially patented OCB mode so that he could charge for commercial licenses and in an attempt to stop his work showing up in military-related projects. Rogaway intentionally abandoned his OCB patents in 2021.
Two U.S. patents were issued for OCB mode. The patents have hindered approval by the National Institute of Standards and Technology.[citation needed]