Paper 2017/845

Improved Security for OCB3

Ritam Bhaumik and Mridul Nandi

Abstract

OCB3 is the current version of the OCB authenticated encryption mode, which was selected for the third round of CAESAR. So far, the integrity analysis has been limited to an adversary making a single forging attempt. A simple extension of the best known bound establishes integrity security as long as the total number of query blocks (including encryptions and forging attempts) does not exceed the birthday bound. In this paper we show an improved bound for the integrity of OCB3 in terms of the number of blocks in the forging attempts. In particular, we show that when the number of encryption query blocks is not more than the birthday bound (an assumption without which the privacy guarantee of OCB3 disappears), even an adversary making forging attempts with a number of blocks on the order of 2^n/L_MAX (n being the block size and L_MAX being the length of the longest block) may fail to break the integrity of OCB3.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2017
Keywords
OCB, OCB3, authenticated encryption, integrity, multiple verification query
Contact author(s)
bhaumik ritam @ gmail com
History
2017-09-06: received
Short URL
https://ia.cr/2017/845
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/845,
      author = {Ritam Bhaumik and Mridul Nandi},
      title = {Improved Security for {OCB3}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/845},
      year = {2017},
      url = {https://eprint.iacr.org/2017/845}
}