Skip to main content
SpringerLink
Log in

The Security of the OCB Mode of Operation without the SPRP Assumption

  • Conference paper
Provable Security (ProvSec 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8209))

Included in the following conference series:

Abstract

OCB is an efficient, rate-1, single-key block-cipher mode of operation for nonce-based authenticated encryption. The OCB mode uses the block-cipher inverse for decryption, and existing security proofs of OCB are all based on the assumption that the underlying cipher is a strong pseudo-random permutation (SPRP). In this work, this assumption is substantially weakened. Namely, we show that, for the security of OCB, we only need to assume that the cipher is a) secure as a plain PRP (under chosen-plaintext attacks), and b) unpredictable, which is a notion strictly weaker than being pseudo-random, under chosen-ciphertext attacks. We also point out that, in the case of tag truncation, our security reduction would become “better” (in the sense of assumptions we have to make) if OCB were equipped with two independent block-cipher keys. To our knowledge, in the area of authenticated encryption, our result is the first example to show that the number of keys makes a fundamental difference in the essential requirements of the underlying cipher.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. An, J.H., Bellare, M.: Constructing VIL-MACs from FIL-MACs: Message authentication under weakened assumptions. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 252–269. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  2. Bellare, M., Goldreich, O., Mityagin, A.: The power of verification queries in message authentication and authenticated encryption. Cryptology ePrint Archive: Report 2004/309 (2004)

    Google Scholar 

  3. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  4. Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  6. Black, J.A., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. CAESAR: Competition for authenticated encryption: Security, applicability, and robustness (2013), http://competitions.cr.yp.to/caesar.html

  8. Dodis, Y., Pietrzak, K., Puniya, P.: A new mode of operation for block ciphers and length-preserving MACs. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 198–219. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  9. Dodis, Y., Steinberger, J.: Message authentication codes from unpredictable block ciphers. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 267–285. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Dodis, Y., Steinberger, J.: Domain extension for MACs beyond the birthday barrier. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 323–342. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  11. Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31–49. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  12. Jonsson, J.: On the security of CTR + CBC-MAC. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 76–93. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  13. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  14. Lee, J., Steinberger, J.: Multi-property-preserving domain extension using polynomial-based modes of operation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 573–596. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  15. Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  16. Luby, M., Rackoff, C.: How to construct pseudo-random permutations from pseudo-random functions. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 447–447. Springer, Heidelberg (1986)

    Google Scholar 

  17. Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)

    Article  MathSciNet  MATH  Google Scholar 

  18. McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  19. Naor, M., Reingold, O.: From unpredictability to indistinguishability: A simple construction of pseudo-random functions from MACs (extended abstract). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 267–282. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  20. NIST: DES modes of operation. FIPS Publication 81 (1980)

    Google Scholar 

  21. NIST: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) for confidentiality and authentication. Special Publication 800-38D (2007)

    Google Scholar 

  22. NIST: Recommendation for block cipher modes of operation: The CCM mode for authentication and confidentiality. Special Publication 800-38C (2007)

    Google Scholar 

  23. Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS 2002, pp. 98–107. ACM Press (2002)

    Google Scholar 

  24. Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  25. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, pp. 196–205. ACM (2001)

    Google Scholar 

  26. Wagner, D.: The boomerang attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  27. Whiting, D., Housley, R., Ferguson, N.: AES encryption & authentication using CTR mode & CBC-MAC. IEEE P802.11 doc 02/001r2 (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. NTT Secure Platform Laboratories, Japan

    Kazumaro Aoki & Kan Yasuda

Authors
  1. Kazumaro Aoki
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kan Yasuda
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong, Northfields Ave, NSW 2522, Wollongong, Australia

    Willy Susilo

  2. École Polytechnique Fédérale de Lausanne, IC LASEC, Bâtiment INF, Station 14, 1015, Lausanne, Switzerland

    Reza Reyhanitabar

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aoki, K., Yasuda, K. (2013). The Security of the OCB Mode of Operation without the SPRP Assumption. In: Susilo, W., Reyhanitabar, R. (eds) Provable Security. ProvSec 2013. Lecture Notes in Computer Science, vol 8209. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41227-1_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41227-1_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41226-4

  • Online ISBN: 978-3-642-41227-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation