OCB Journal Article uri icon



  • ; We describe a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. OCB encrypts-and-authenticates a nonempty string; M; ∈ {0, 1}* using ⌈-; M; -/; n; ⌉ + 2 block-cipher invocations, where; n; is the block length of the underlying block cipher. Additional overhead is small. OCB refines a scheme, IAPM, suggested by Charanjit Jutla. Desirable properties of OCB include the ability to encrypt a bit string of arbitrary length into a ciphertext of minimal length, cheap offset calculations, cheap key setup, a single underlying cryptographic key, no extended-precision addition, a nearly optimal number of block-cipher calls, and no requirement for a random IV. We prove OCB secure, quantifying the adversary's ability to violate the mode's privacy or authenticity in terms of the quality of its block cipher as a pseudorandom permutation (PRP) or as a strong PRP, respectively.;

publication date

  • August 1, 2003

has restriction

  • closed

Date in CU Experts

  • December 3, 2013 9:04 AM

Full Author List

  • Rogaway P; Bellare M; Black J

author count

  • 3

Other Profiles

International Standard Serial Number (ISSN)

  • 1094-9224

Electronic International Standard Serial Number (EISSN)

  • 1557-7406

Additional Document Info

start page

  • 365

end page

  • 403


  • 6


  • 3