OCB: Documentation
The following documents, listed
in reverse-chronological order, describe OCB and the theory behind it.
TXT
Ted Korvetz and Phillip Rogaway.
[ocb-spec]
The OCB Authenticated-Encryption Algorithm.
Internet Draft
draft-krovetz-ocb-00.txt.
March 2005.
This is the specification of OCB (version 2.0).
PDF /
PS
Phillip Rogaway.
[offsets]
Efficient Instantiations of Tweakable Blockciphers
and Refinements to Modes OCB and PMAC.
Advances in Cryptology - Asiacrypt 2004.
Lecture Notes in Computer Science, Springer, 2004.
Uses the idea of tweakable blockciphers (due to [Liskov, Rivest, Wagner])
to simplify the original design of OCB and PMAC.
PDF /
PS
Phillip Rogaway.
[ad]
Authenticated-Encryption with Associated-Data.
ACM Conference on Computer and Communications Security 2002 (CCS'02),
ACM Press, pp. 98-107, September 2002.
Treats the problem of handling a "header"—associated data—that
should be authenticated but not encrypted.
PDF /
PS
John Black and Phillip Rogaway.
[ad]
A Block-Cipher Mode of Operation for Parallelizable Message Authentication.
Advances in Cryptology - EUROCRYPT '02.
Lecture Notes in Computer Science, vol. 2332,
pp. 384-397,
Springer, 2002.
Describes a parallelizable message authentication code
whose final version is used within OCB.
PDF /
Phillip Rogaway, Mihir Bellare, and John Black.
[ocb]
OCB: A Block-Cipher Mode of Operation
for Efficient Authenticated Encryption.
ACM Transactions on Information and System Security (TISSEC),
vol. 6, no. 3, pp. 365-403, August 2003.
Earlier version, with Ted Krovetz, in
Eighth ACM Conference on Computer and Communications
Security (ACM CCS),
ACM Press, pp. 196-205, 2001.
Specifies the original version of the OCB algorithm, before associated data
was dealt with and before the simplifications associated to the use
of tweakable blockciphers.
Back to the OCB home page