OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption

ACM Transactions on Information and System Security

Volumn 6, Issue 3, 2003, Pages 365-403

  Rogaway, Phillip ^a   Bellare, Mihir ^b   Black, John ^c  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c University of Colorado   (United States)

Author keywords

AES; authenticity; block cipher usage; cryptography; encryption; integrity; modes of operation; Performance; provable security; Security; standards; Theory

Indexed keywords

EID: 26444532494     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/937527.937529     Document Type: Article

References (35)

1. An,J. and Bellare, M. 2001. Does encryption with redundancy provide authenticity? In Advances in Cryptology-EUROCRYPT 2001. B. Pfitzmann, Ed. Lecture Notes in Computer Science, vol. 2045. Springer-Verlag, Berlin, 512-528.
2. Aoki, K., Lipmaa, H., 2000. Fast implementations of AES candidates. In The 3rd Advanced Encryption Standard Candidate Conference. National Institute of Standards and Technology, New York, NY, USA, 106-120.
3. Bellare, M., Desai, A., Jokipii, E., Rogaway, P., 1997. A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. In Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS 97). ACM Press, New York, 394-403.
4. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P., 1998. Relations among notions of security for public-key encryption schemes. In Advances in Cryptology-CRYPTO '98, H. Krawczyk, Ed. Lecture Notes in Computer Science, vol. 1462. Springer-Verlag, Berlin, 232-249.
5. Bellare, M., Guerin, R., Rogaway, P., 1995. XOR MACs: New methods for message authentication using finite pseudorandom functions. In Advances in Cryptology-CRYPTO '95 D. Coppersmith, Ed. Lecture Notes in Computer Science, vol. 963. Springer-Verlag, Berlin, 1528.
6. Bellare, M., Kilian, J., Rogaway, P., 2000. The security of the cipher block chaining message authentication code.Journal of Computer and System Sciences (JCSS) 61, 3 (December), 362-399. Earlier version in CRYPTO '94.
7. Bellare, M., Namprempre, C., 2000. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology-ASIACRYPT '00 T. Okamoto, Ed. Lecture Notes in Computer Science, vol. 1976. Springer-Verlag, Berlin, 531-545.
8. Bellare, M., Rogaway, P., 2000. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient encryption. In Advances in Cryptology-ASIACRYPT '00 T. Okamoto, Ed. Lecture Notes in Computer Science, vol. 1976. Springer-Verlag, Berlin, 317-330.
9. Black, J., Urtubia, H., 2002. Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In Proceedings of the 11th USENIX Security Symposium. USENIX, 327-338.
10. Bleichenbacher, D., 1998. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Advances in Cryptology-CRYPTO '98. H. Krawczyk, Ed. Lecture Notes in Computer Science, vol. 1462. Springer-Verlag, Berlin, 1-12.
11. Dolev, D., Dwork, C., Naor, M., 2000. Non-malleable cryptography.SIAM J. Comp. 3, 2, 391-497. Earlier version appeared at STOC '91.
12. Gligor, V., Donescu, P., 1999. Integrity-aware PCBC encryption schemes. In Security Protocols, 7th International Workshop. B. Christianson, B. Crispo, J. A. Malcolm, and M. Roe, Eds. Lecture Notes in Computer Science, vol. 1796. Springer-Verlag, Berlin, 153-171.
13. Gligor, V., Donescu, P., 2000a. Fast encryption and authentication: XCBC encryption and XECB authentication modes. Manuscript, Aug. 18.
14. Gligor, V., Donescu, P., 2000b. Fast encryption and authentication: XCBC encryption and XECB authentication modes. Contribution to NIST, Oct 27, 2000.
15. Gligor, V., Donescu, P., 2000c. Fast encryption and authentication: XCBC encryption and XECB authentication modes. Contribution to NIST, Mar 30, 2001, rev. Apr 20, 2001.
16. Gligor, V., Donescu, P., 2002. Fast encryption and authentication: XCBC encryption and XECB authentication modes. In Fast Software Encryption, 8th International Workshop, FSE 2001. M. Matsui, Ed. Lecture Notes in Computer Science, vol. 2355. Springer-Verlag, Berlin, 92-108.
17. Goldwasser, S., Micali, S., 1984. Probabilistic encryption.J. Comput. Syst. Sci. 28, 270-299.
18. Halevi, S., 2001. An observation regarding Jutla's modes of operation. Cryptology ePrint archive, reference number 2001/015, submitted Feb. 22, 2001, revised Apr. 2, 2001.
19. Jutla, C., 2000a. Encryption modes with almost free message integrity. Cryptology ePrint archive, reference number 2000/039, Aug. 1, 2000.
20. Jutla, C., 2001a. Encryption modes with almost free message integrity. In Advances in Cryptology-EUROCRYPT 2001. B. Pfitzmann, Ed. Lecture Notes in Computer Science, vol. 2045. Springer-Verlag, Berlin.
21. Jutla, C., 2001b. Encryption modes with almost free message integrity. Contribution to NIST. Undated manuscript, posted May 24, 2001 at NIST web site csrc.nist.gov/encryption/ modes/proposedmodes.
22. Katz, J., Yung, M., 2000a. Complete characterization of security notions for probabilistic private-key encryption. In Proceedings of the 32nd Annual ACM Symposium on Theory of Computing (STOC 2000). ACM Press, New York, 245-254.
23. Katz, J., Yung, M., 2000b. Unforgeable encryption and adaptively secure modes of operation. In Fast Software Encryption, 7th International Workshop, FSE 2000. B. Schneier, Ed. Lecture Notes in Computer Science, vol. 1978. Springer-Verlag, Berlin, 284-299.
24. Krawczyk, H., 2001. The order of encryption and authentication for protecting communications (or: How secure is SSL?). In Advances in Cryptology-CRYPTO 2001. J. Kilian, Ed. Lecture Notes in Computer Science, vol. 2139. Springer-Verlag, 310-331.
25. Luby, M., Rackoff, C., 1988. How to construct pseudorandom permutations from pseudorandom functions.SIAM J. Comput. 17, 2 (April), 373-386.
26. Manger, J., 2001. A chosen ciphertext attack on RSA optimal asymmetric encryption padding OAEP as standardized in PKCS#1 v2.0. In Advances in Cryptology-CRYPTO '01. J. Kilian, Ed. Lecture Notes in Computer Science, vol. 2139. Springer-Verlag, Berlin, 230-238.
27. Meyer, C. H., Matyas, S. M., 1982.Cryptography: A New Dimension in Computer Data Security. John Wiley and Sons, New York.
28. Preneel, B., 1998. Cryptographic primitives for information authentication-State of the art. In State of the Art in Applied Cryptography, COSIC '97. Lecture Notes in Computer Science, vol. 1528. Springer-Verlag, Berlin, 49-104.
29. Rogaway, P., 2000. OCB mode: Parallelizable authenticated encryption. Contribution to NIST, Oct. 16, 2000 (Preliminary version of the OCB algorithm).
30. Rogaway, P., 2002. Authenticated-encryption with associated-data. In ACM Conference on Computer and Communications Security (CCS-9). ACM Press, New York, 196-205.
31. Rogaway, P., Bellare, M., Black, J., Krovetz, T., 2001a. OCB mode. Contribution to NIST, Apr. 1, 2001, revised Apr. 18, 2001.
32. Rogaway, P., Bellare, M., Black, J., Krovetz, T., 2001b. OCB: A block-city (CCS-8). ACM Press, New York, 196-205.
33. Steiner, J., Neuman, C., Schiller, J., 1988. Kerberos: an authentication service for open network systems. In Proceedings of the Winter 1988 Usenix Conference. USENIX Association, 191-201.
34. US NATIONAL INSTITUTE OF STANDARDS. 2001.Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197. Based on J. Daemen and V. Rijmen, AES Proposal: Rijndael. Sep. 3, 1999.
35. Vaudenay, S., 2002. Security flaws induced by CBC padding-applications to SSL, IPSEC, WTLS. In Advances in Cryptology-EUROCRYPT '02. L. Knudsen, Ed. Lecture Notes in Computer Science, vol. 2332. Springer-Verlag, Berlin, 534-546.