XOCB: Beyond-Birthday-Bound Secure Authenticated Encryption Mode with Rate-One Computation (Full Version).

We present a new block cipher mode of operation for authenticated encryption (AE), dubbed $$\textsf{XOCB}$$ , that has the following features: (1) beyond-birthday-bound (BBB) security based on the standard pseudorandom assumption of the internal block cipher if the maximum block length is sufficiently smaller than the birthday bound, (2) rate-1 computation, and (3) supporting any block cipher with any key length. Namely, $$\textsf{XOCB}$$ has effectively the same efficiency as the seminal $$\textsf{OCB}$$ while having stronger quantitative security without any change in the security model or the required primitive in $$\textsf{OCB}$$ . Although numerous studies have been conducted in the past, our $$\textsf{XOCB}$$ is the first mode of operation to achieve these multiple goals simultaneously.