Comments to NIST concerning AES Modes of Operation: OCB Mode: Parallelizable Authenticated Encryption
نویسنده
چکیده
This note describes a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. It does this using only djM j=ne + 2 block cipher invocations. Here M is the plaintext (an arbitrary bit string) and n is the block length. The scheme refines one recently suggested by Jutla [Ju00].
منابع مشابه
An FPGA implementation of the AES-Rijndael in OCB/ECB modes of operation
Implementation in one FPGA of the AES-Rijndael in Offset Codebook (OCB) and Electronic Codebook (ECB) modes of operation was developed and experimentally tested using the Insight Development Kit board, based on Xilinx Virtex II XC2V1000-4 device. The circuit was designed to provide simultaneous data privacy and authenticity in applications which require small area such as wireless LANs, cellula...
متن کاملComb to Pipeline: Fast Software Encryption Revisited
AES-NI, or Advanced Encryption Standard New Instructions, is an extension of the x86 architecture proposed by Intel in 2008. With a pipelined implementation utilizing AES-NI, parallelizable modes such as AES-CTR become extremely efficient. However, out of the four non-trivial NIST-recommended encryption modes, three are inherently sequential: CBC, CFB, and OFB. This inhibits the advantage of us...
متن کاملAuthenticated Encryption Modes of Block Ciphers, Their Security and Implementation Properties
In this thesis, four authenticated encryption modes of operation are presented, namely, GCM mode, CCM* mode, OCB mode and CWC mode. These modes can provide confidentiality and authenticity simultaneously. The GCM mode and CCM* mode are in detail introduced. And it shows the comparison of the four modes from different aspects: properties, security, and performance in hardware implementation and ...
متن کاملThe Software Performance of Authenticated-Encryption Modes
We study the software performance of authenticated-encryption modes CCM, GCM, and OCB. Across a variety of platforms, we find OCB to be substantially faster than either alternative. For example, on an Intel i5 (“Clarkdale”) processor, good implementations of CCM, GCM, and OCB encrypt at around 4.2 cpb, 3.7 cpb, and 1.5 cpb, while CTR mode requires about 1.3 cpb. Still we find room for algorithm...
متن کاملOn the Security of CTR + CBC-MAC -- NIST Modes of Operation { Additional CCM Documentation
We analyze the security of the CTR + CBC-MAC (CCM) encryption mode. This mode, proposed by Doug Whiting, Russ Housley, and Niels Ferguson, combines the CTR (“counter”) encryption mode with CBC-MAC message authentication and is based on a block cipher such as AES. We present concrete lower bounds for the security of CCM in terms of the security of the underlying block cipher. The conclusion is t...
متن کامل