At last month's Workshop on Real-World Cryptography at Stanford University, Phil Rogaway released a new license for OCB, granting free use for all open-source implementations.
http://www.cs.ucdavis.edu/~rogaway/ocb/license1.pdf OCB is the fastest authenticated-encryption scheme that I know of, and I encourage OpenSSL to incorporate it. My C implementation achieves a rate of 0.87 CPU cycles per byte processed on Sandy Bridge processors, which is just slightly slower that CTR mode encryption and more than twice as fast as GCM. The difference is even greater on other architectures. On ARM, OCB's authentication overhead (ie, cost beyond CTR encryption) is reported to be 3.5 cpb whereas GCM's is at least 15 cpb (according to OpenSSL's notes in ghash-armv4.pl). More about OCB, including the C code, timing results, academic papers and a draft RFC, can be found at its website http://www.cs.ucdavis.edu/~rogaway/ocb I'd be happy to help with integration. Thank you, Ted Krovetz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
