OCB Mode - Encryption and Authentication

Encryption and Authentication

OCB mode was designed to provide both authentication and privacy. It is essentially a scheme for integrating a Message Authentication Code (MAC) into the operation of a block cipher. In this way, OCB mode avoids the need to use two systems: a MAC for authentication and encryption for privacy. This results in lower computational cost compared to applying separate encryption and authentication functions.

OCB mode was designed by Phillip Rogaway, who credits Mihir Bellare, John Black, and Ted Krovetz with assistance and comments on the designs. It is based on the authenticated encryption mode IAPM due to Charanjit S. Jutla (see the OCB FAQ for more details).

There are three versions of OCB: OCB1, OCB2 and OCB3. OCB1 was published in 2001. OCB2 improves on OCB1 by allowing associated data (data that are not encrypted but should be authenticated) to be included with the message, and by introducing a new method for generating a sequence of offsets. OCB2 was first published in 2003, originally named AEM (Authenticated-Encryption Mode, or Advanced Encryption Mode). OCB3, published in 2011, again changes the way offsets are computed and introduces minor performance improvements.

OCB mode is listed as an optional method in the IEEE 802.11 wireless security standard as an alternative to CCM. OCB2 is standardized in ISO/IEC 19772:2009.
