OCB News and Code


29 May 2014: IETF RFC published.
OCB is RFC 7253. No algorithmic changes were made after draft-irtf-cfrg-ocb-03.

12 June 2013: OCB algorithm change.
Internet-Draft draft-irtf-cfrg-ocb-03 makes a minor change that doesn't affect 128-bit tags, but changes other length tags. Look in the draft to see how OCB-ENCRYPT and OCB-DECRYPT specify the variable "Nonce". It has changed slightly.

10 Jan 2013: free licenses.
Today, at the Real-World Cryptography Workshop at Stanford, Rogaway announced that OCB would be freely licensed for open-source and non-military software. See the license page for details.

7 Jan 2013: IETF Internet-Draft.
The latest Internet Draft, draft-irtf-cfrg-ocb, has changed names. This is part of the OCB specification becoming a internet RFC.

13 Jul 2011: OCB breaks 1.0 cpb [data].
Intel’s Sandy Bridge processor can retire 1 AES round per CPU cycle, twice the rate of Westmere. The OCB code released 13 July 2011 takes advantage of this, reducing published peak rates from 1.5 CPB on Westmere to 0.87 CPB on Sandy Bridge.


Optimized C (last modified 12 June 2013)
Please report any difficulties. Supports AES-NI, OpenSSL, GCC and Microsoft C. Achieves throughput of 0.7 CPU cycles per byte on 4KiB messages on Haswell using gcc-4.8 -march=native -O3.

Unoptimized C (last modified 12 June 2013)
A simple C implementation using OpenSSL for AES. "gcc -lcrypto ocb_ref.c" creates an executable which generates the outputs found at the end of Appendix A of the Internet-Draft.

Unoptimized Ruby (last modified 12 June 2013)
A simple Ruby 1.8 implementation generating the test vectors from the Internet-Draft specification.

Please report errors and comments to Ted Krovetz <ted@krovetz.net>.