On Random Read Access in
Published in: | IEEE Transactions on Information Theory, 2019-12, Vol. 65 (12), pp. 8325-8344 |
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Abstract: | Offset codebook or {\mathsf{OCB}} mode is a popular block cipher mode of operation for authenticated encryption. The latest version of this cipher, called {\mathsf{OCB3}}, is one of the finalists in CAESAR. In this paper, we explore the scope of random read access and out-of-sequence decryption in {\mathsf{OCB}}. We observe that the current versions of {\mathsf{OCB}} are inefficient in this respect owing to the ineptness of the underlying mask generating function (MGF). We propose new candidates for the MGF based on the {\mathsf{AES}} round function, which are efficient in direct computation and provide comparable performance in the usual setting. Our schemes are not the obvious choices for an MGF in the conventional sense, as they do not have an optimal almost XOR universal (AXU) bound. In existing {\mathsf{OCB}} designs, the MGFs are required to have a 2^{-n}, i.e. optimal, AXU bound in order to upper bound the distinguishing advantage by O(\sigma^{2}/2^{n}), where n is the block size of the underlying block cipher and \sigma is the total number of blocks among all queries. We find this specific requirement too restrictive. We abstract the {\mathsf{OCB}} design, termed {\mathsf{GOCB}}, to look into the universal notion required from the underlying MGF. We propose a relaxed notion of AXU, called locally imperfect XOR universal (LIXU) hash, which can be of independent interest. Using LIXU as the underlying MGF, we recover reasonable security bounds for our schemes. |
ISSN: | 0018-9448, 1557-9654 |
DOI: | 10.1109/TIT.2019.2925613 |