OCB mode
OCB mode is a mode of operation for cryptographic block ciphers.
Encryption and authentication
It was designed to provide both authentication and privacy. It is essentially a scheme for integrating a Message Authentication Code (MAC) into the operation of a block cipher. In this way, OCB mode avoids the need to use two systems: a MAC for authentication and a block cipher encryption for privacy. This results in lower computational cost compared to the application of separate encryption and authentication functions.
OCB mode was designed by Phillip Rogaway, who credits Mihir Bellare, John Black, and Ted Krovetz with assistance and comments on the designs. It is based on the authenticated encryption mode IAPM due to Charanjit S. Jutla (see the OCB FAQ for more details).
There are two versions of OCB: 1.0 and 2.0. OCB 2.0 improves on 1.0 by allowing associated data to be included with the message — that is, data that are not encrypted but should be authenticated — and a new method for generating a sequence of offsets. OCB 2.0 was first published in 2003, originally named AEM (Authenticated-Encryption Mode, or Advanced Encryption Mode).
OCB mode is listed as an optional method in the IEEE 802.11 wireless security standard as an alternative to CCM.
Performance
OCB performance overhead is minimal compared to classical, non-authenticating modes like CBC. OCB requires one block cipher encryption per block of encrypted and authenticated message and one encryption per block of additional associated data. There are also two extra encryptions required at the end of the process. For comparison, CCM mode, which offers similar functionality, requires twice as many encryptions per message block (associated data requires one, as in OCB).
Patents
Two U.S. patents have been issued for OCB mode (http://www.cs.ucdavis.edu/~rogaway/ocb/ocb-faq.htm#patent:phil). However, a special exemption has been granted so that OCB mode can be used in software licensed under the GNU General Public License without cost, as well as for any non-commercial, non-governmental application. Since the authors have only applied for patent protection in the U.S., the algorithm is free to use in software not developed and not sold inside the U.S. (http://www.cs.ucdavis.edu/~rogaway/ocb/offer.htm).
See also
- CCM mode
- CWC mode
- EAX mode
- GCM mode
- PCFB mode
- XCBC mode