On Random Read Access in OCB
IEEE Transactions on Information Theory
Offset codebook mode, or OCB, is a popular block cipher mode of operation for authenticated encryption. Its latest version, OCB3, is one of the finalists of the CAESAR competition. In this paper, we explore the scope of random read access and out-of-sequence decryption in OCB. We observe that the current versions of OCB are inefficient in this respect because of the inadequacy of the underlying mask generating function (MGF). We propose new candidates for the MGF based on the AES round function; they are efficient to compute directly and offer comparable performance in the usual sequential setting. Our schemes are not the obvious choices for an MGF in the conventional sense, as they do not have an optimal almost XOR universal (AXU) bound. In existing OCB designs, the MGF is required to have the optimal AXU bound of 2^{-n} in order to upper bound the distinguishing advantage by O(σ^2/2^n), where n is the block size of the underlying block cipher and σ is the total number of blocks over all queries. We find this specific requirement too restrictive. We abstract the OCB design, termed GOCB, to examine the universality notion actually required of the underlying MGF. We propose a relaxed notion of AXU, called locally imperfect XOR universal (LIXU) hash, which may be of independent interest. Using an LIXU hash as the underlying MGF, we recover reasonable security bounds for our schemes.
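The abstract contrasts sequential mask generation with direct (random-access) computation of the i-th mask, which is what out-of-sequence decryption of block i needs. The following is an added example, not code from the paper or from the OCB authors: it implements the standard OCB3 offset rule from RFC 7253 (Offset_i = Offset_{i-1} xor L_{ntz(i)}, with the L_j obtained by doubling in GF(2^128)) and the equivalent Gray-code formula Offset_i = Offset_0 xor XOR_{j in bits(gray(i))} L_j that lets a decryptor derive Offset_i without walking blocks 1..i-1. The paper's own AES-round-based MGFs are not shown, since their definition is not on this page. L_STAR (which in OCB3 would be E_K(0^n)) and OFFSET0 (which would be derived from the nonce) are constructed constants so that the file runs offline; the algebra of the masks does not depend on their values.

```python
"""Sequential vs. direct computation of OCB3 block offsets (RFC 7253 rule)."""
from typing import List

MASK128 = (1 << 128) - 1

# Constructed inputs: in OCB3, L_* = E_K(0^n) and Offset_0 comes from the nonce.
L_STAR = 0x0123456789ABCDEF0123456789ABCDEF
OFFSET0 = 0xFEDCBA9876543210FEDCBA9876543210


def double(x: int) -> int:
    """Multiply by x in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1 (OCB3 'double')."""
    carry = x >> 127
    return ((x << 1) & MASK128) ^ (0x87 if carry else 0)


def ntz(i: int) -> int:
    """Number of trailing zero bits of i, for i >= 1."""
    return (i & -i).bit_length() - 1


def l_table(l_star: int, size: int) -> List[int]:
    """L_0 .. L_{size-1}: L_$ = double(L_*), L_0 = double(L_$), L_{j+1} = double(L_j)."""
    l_dollar = double(l_star)
    table = [double(l_dollar)]
    for _ in range(1, size):
        table.append(double(table[-1]))
    return table


def offsets_sequential(offset0: int, table: List[int], m: int) -> List[int]:
    """Offset_1 .. Offset_m computed the way an in-order encryptor does it:
    one table lookup and one XOR per block, but block i needs blocks 1..i-1."""
    out, cur = [], offset0
    for i in range(1, m + 1):
        cur ^= table[ntz(i)]
        out.append(cur)
    return out


def gray(i: int) -> int:
    """Reflected Gray code of i; its set bits select which L_j are folded into Offset_i."""
    return i ^ (i >> 1)


def offset_direct(offset0: int, table: List[int], i: int) -> int:
    """Offset_i without visiting earlier blocks. Correct because among k = 1..i the
    count of k with ntz(k) = j is odd exactly when bit j of gray(i) is set."""
    acc, g, j = offset0, gray(i), 0
    while g:
        if g & 1:
            acc ^= table[j]
        g >>= 1
        j += 1
    return acc


def direct_cost(i: int) -> int:
    """Table lookups/XORs needed by offset_direct for block i (popcount of gray(i)).
    Without a precomputed table, L_j itself costs j doublings from L_*."""
    return bin(gray(i)).count("1")


def masks_agree(m: int) -> bool:
    """Cross-check: direct computation matches the sequential chain for blocks 1..m."""
    table = l_table(L_STAR, max(8, m.bit_length() + 1))
    seq = offsets_sequential(OFFSET0, table, m)
    return all(offset_direct(OFFSET0, table, i) == seq[i - 1] for i in range(1, m + 1))


if __name__ == "__main__":
    print("sequential == direct for 1..1000:", masks_agree(1000))
    for i in (1, 6, 7, 64, 1000):
        print(f"block {i:5d}: sequential cost {i:5d} XORs, direct cost {direct_cost(i)} XORs")
```

The cross-check is the property a random-access decryptor relies on: given the precomputed L table, Offset_i costs popcount(gray(i)) XORs instead of i chained XORs. Note that the direct formula still needs L_j for j up to log2(i), each of which is j doublings away from L_*, so without the table the cost of a single out-of-sequence block grows with its position; that dependence on the MGF's structure is what the paper sets out to remove.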
Jha, Ashwin; Mancillas-Lopez, Cuauhtemoc; Nandi, Mridul; and Gupta, Sourav Sen, "On Random Read Access in OCB" (2019). Journal Articles. 576.