OCB is an authenticated-encryption mode designed by Phillip Rogaway and colleagues. Three versions exist to date: OCB1 (2001), OCB2 (2003) and OCB3 (2011, later published as RFC 7253). OCB1 was included as an optional mode in the IEEE 802.11i drafts under the name WRAP; OCB2 is one of the mechanisms specified in ISO/IEC 19772:2009 (and was subsequently shown to be insecure by Inoue, Iwata, Minematsu and Poettering in 2019). Because of this history there are many OCB papers, and care is needed to tell them apart. According to the OCB homepage, the main OCB papers are the following:
- The original OCB paper. The proceedings version is in ACM CCS (2001) and the journal version is in ACM TISSEC (2003).
- A paper about dealing with associated data. Appears in ACM CCS (2002).
- A paper to develop the message authentication code, PMAC, that shaped the way AUTH is computed in OCB. Appears in EUROCRYPT (2002).
- A paper about efficiently realizing tweakable blockciphers, and about using tweakable blockciphers to improve OCB. Appears in ASIACRYPT (2004).
- Finally, a timing study about AE modes, along with refinements to get to the final version of OCB. Appears at FSE 2011.
The OCB mode in LibTomCrypt implements OCB1; see the paper OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption. (Newer LibTomCrypt releases additionally ship a separate ocb3 module implementing OCB3.) The OCB versions differ substantially from one another, and OCB1 has a known design shortcoming, which Rogaway describes on the OCB background page as follows:
Mode OCB1 had a defect that practitioners were quick to point out: it had not been designed to natively handle associated-data (AD). Associated-data refers to stuff, say a message header, that needs to be authenticated but should not be encrypted.
For that reason, the OCB mode in LibTomCrypt is not described further here.
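To make the associated-data point concrete, here is an added example that is neither LibTomCrypt code nor Rogaway's reference implementation. It builds a toy nonce-based AE scheme that, like OCB1, takes no associated-data input, and then adds AD to it with the generic "ciphertext translation" wrapper from the 2002 associated-data paper: a PRF of the header, under an independent key, is XORed into the last tau bits of the ciphertext (the tag). The AE itself is constructed from SHA-256 and HMAC purely so the example runs offline; it is not OCB, and the key, nonce, header and message are constructed test values.

```python
import hashlib
import hmac

TAG_LEN = 16  # tau = 128-bit tag; chosen for this toy, not an OCB parameter


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode). Constructed for this example only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ae_encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """Toy nonce-based AE with no associated-data input (the situation OCB1 is in).
    Output is ciphertext body || tag."""
    body = _xor(msg, _keystream(key, nonce, len(msg)))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def ae_decrypt(key: bytes, nonce: bytes, ct: bytes):
    """Returns the plaintext, or None if the tag does not verify."""
    if len(ct) < TAG_LEN:
        return None
    body, tag = ct[:-TAG_LEN], ct[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(body, _keystream(key, nonce, len(body)))


def _header_prf(key: bytes, header: bytes) -> bytes:
    """F_K'(H) of the 2002 construction. K' must be independent of the AE key;
    here it is derived from the AE key by domain separation (an assumption of this toy)."""
    hkey = hashlib.sha256(b"header-key" + key).digest()
    return hmac.new(hkey, header, hashlib.sha256).digest()[:TAG_LEN]


def aead_encrypt(key: bytes, nonce: bytes, header: bytes, msg: bytes) -> bytes:
    """Ciphertext translation: run the AD-less AE, then XOR F_K'(H) into the last tau bits.
    The header is bound to the tag but never appears in the ciphertext."""
    ct = ae_encrypt(key, nonce, msg)
    return ct[:-TAG_LEN] + _xor(ct[-TAG_LEN:], _header_prf(key, header))


def aead_decrypt(key: bytes, nonce: bytes, header: bytes, ct: bytes):
    """Undo the translation with the header the receiver believes in, then verify.
    A wrong header leaves a wrong tag behind, so the inner AE rejects it."""
    if len(ct) < TAG_LEN:
        return None
    untranslated = ct[:-TAG_LEN] + _xor(ct[-TAG_LEN:], _header_prf(key, header))
    return ae_decrypt(key, nonce, untranslated)


def demo() -> dict:
    """Constructed inputs; returns the checks a reader would want to see."""
    key = bytes(range(32))
    nonce = b"\x00" * 12
    header = b"ver=1;dst=node7"  # authenticated, not encrypted
    msg = b"attack at dawn"
    ct = aead_encrypt(key, nonce, header, msg)
    flipped = bytes([ct[0] ^ 0x01]) + ct[1:]
    return {
        "roundtrip": aead_decrypt(key, nonce, header, ct) == msg,
        "header_not_in_ciphertext": header not in ct,
        "overhead": len(ct) - len(msg),
        "wrong_header_rejected": aead_decrypt(key, nonce, b"ver=1;dst=node8", ct) is None,
        "tampered_body_rejected": aead_decrypt(key, nonce, header, flipped) is None,
        "inner_ae_rejects_translated": ae_decrypt(key, nonce, ct) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The wrapper adds no ciphertext expansion beyond the inner scheme's tag, and the header never leaves the sender in encrypted form, which is exactly the "authenticated but not encrypted" requirement quoted above. As with OCB itself, the nonce must never repeat under one key; and the toy AE here exists only to show the wrapper, not to be used for anything else.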
References
- OCB homepage: OCB - An Authenticated-Encryption Scheme - Rogaway
- OCB background page: OCB - An Authenticated-Encryption Scheme - Background - Rogaway
- Wikipedia, OCB mode: http://en.wikipedia.org/wiki/OCB_mode
- P. Rogaway, M. Bellare, and J. Black. OCB: A block-cipher mode of operation for efficient authenticated encryption. ACM Transactions on Information and System Security, vol. 6, no. 3, pp. 365–403, 2003. Earlier version, with T. Krovetz, in CCS 2001.