Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols (and abbreviated terms)
5 Requirements
6 Authenticated encryption mechanism 1 (OCB 2.0)
   6.1 Introduction
   6.2 Specific notation
   6.3 Specific requirements
   6.4 Definition of function M[2]
   6.5 Definition of function M[3]
   6.6 Definition of function J
   6.7 Encryption procedure
   6.8 Decryption procedure
7 Authenticated encryption mechanism 2 (Key Wrap)
   7.1 Introduction
   7.2 Specific notation
   7.3 Specific requirements
   7.4 Encryption procedure
   7.5 Decryption procedure
8 Authenticated encryption mechanism 3 (CCM)
   8.1 Introduction
   8.2 Specific notation
   8.3 Specific requirements
   8.4 Encryption procedure
   8.5 Decryption procedure
9 Authenticated encryption mechanism 4 (EAX)
   9.1 Introduction
   9.2 Specific notation
   9.3 Specific requirements
   9.4 Definition of function M
   9.5 Encryption procedure
   9.6 Decryption procedure
10 Authenticated encryption mechanism 5 (Encrypt-then-MAC)
   10.1 Introduction
   10.2 Specific notation
   10.3 Specific requirements
   10.4 Encryption procedure
   10.5 Decryption procedure
11 Authenticated encryption mechanism 6 (GCM)
   11.1 Introduction
   11.2 Specific notation
   11.3 Specific requirements
   11.4 Definition of multiplication operation
   11.5 Definition of function G
   11.6 Encryption procedure
   11.7 Decryption procedure
Annex A (informative) Guidance on use of the mechanisms
   A.1 Introduction
   A.2 Selection of mechanism
   A.3 Mechanism 1 (OCB 2.0)
   A.4 Mechanism 2 (Key Wrap)
   A.5 Mechanism 3 (CCM)
   A.6 Mechanism 4 (EAX)
   A.7 Mechanism 5 (Encrypt-then-MAC)
   A.8 Mechanism 6 (GSM)
Annex B (informative) Examples
   B.1 Introduction
   B.2 Mechanism 1 (OCB 2.0)
   B.3 Mechanism 2 (Key Wrap)
   B.4 Mechanism 3 (CCM)
   B.5 Mechanism 4 (EAX)
   B.6 Mechanism 5 (Encrypt-then-MAC)
   B.7 Mechanism 6 (GSM)
Annex C (normative) ASN.1 module
   C.1 Formal definition
   C.2 Use of subsequent object identifiers
Bibliography

Abstract

Describes six methods for authenticated encryption, i.e. defined ways of processing a data string with the following security objectives: - data confidentiality, i.e. protection against unauthorized disclosure of data, - data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified, - data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the data originator.

General Product Information

Published
Document Type	Standard
Status	Current
Publisher	International Organization for Standardization
Pages
ISBN
Committee	JTC 1