[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-31509":3,"doc-seo-31509":26},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"file_id":15,"file_url":16,"file_type":17,"file_size":18,"view_count":4,"is_deleted":4,"is_public":19,"is_downloadable":19,"audit_status":19,"page_count":11,"language":20,"language_code":21,"table_of_contents":22,"faqs":23,"seo_title":13,"seo_description":14,"update_tm":24,"read_time":25},31509,1099513958607,"Jiven","https://ap-avatar.wpscdn.com/avatar/100002390cf8733938c?x-image-process=image/resize,m_fixed,w_180,h_180&k=1778829742770036399",8,"Research & Report","A Weakness in OCB3 Used with Short Nonces Allowing for a Break of Authenticity and Confidentiality","OCB3 is a mature, provably secure authenticated encryption mode that supports associated data (AEAD). This note reports a small flaw in OCB3’s security proof that can translate into real-world loss of security even with correct implementation inside a trustworthy, nonce-respecting module. The weakness occurs when OCB3 uses short nonces. Its impact can be worse than nonce repetition: confidentiality and authenticity fail until the key is changed. The root cause is an implicit proof condition and how OCB3 processes the nonce; multiple fixes are proposed.","cbCaimDpwLfA5R9U","https://ap.wps.com/l/cbCaimDpwLfA5R9U","pdf",440648,1,"English","en","# Introduction\n## Authenticated encryption and AEAD\n## OCB generations and standardization\n# Description of OCB3\n## Notation and input/output\n## Encryption algorithm steps","[{\"question\":\"How bad is the impact compared with nonce repetition?\",\"answer\":\"The security implications are described as worse than nonce repetition: confidentiality and authenticity are lost until the key is changed, and the note shows that a single query can suffice with high success probability.\"}]",1779656426,20,{"code":4,"msg":27,"data":28},"ok",{"site_id":29,"language":21,"slug":30,"title":13,"keywords":31,"description":14,"schema_data":32,"social_meta":75,"head_meta":77,"extra_data":79,"updated_unix":24},105,"a-weakness-in-ocb3-used-with-short-nonces-allowing-for-a-break-of-authenticity-and-confidentiality","",{"@graph":33,"@context":74},[34,51,65],{"@type":35,"itemListElement":36},"BreadcrumbList",[37,41,45,48],{"item":38,"name":39,"@type":40,"position":19},"https://docshare.wps.com","Home","ListItem",{"item":42,"name":43,"@type":40,"position":44},"https://docshare.wps.com/document/","Document",2,{"item":46,"name":12,"@type":40,"position":47},"https://docshare.wps.com/document/research-report/",3,{"item":49,"name":13,"@type":40,"position":50},"https://docshare.wps.com/document/a-weakness-in-ocb3-used-with-short-nonces-allowing-for-a-break-of-authenticity-and-confidentiality/31509/",4,{"url":49,"name":13,"@type":52,"author":53,"headline":13,"publisher":55,"fileFormat":58,"description":14,"dateModified":59,"datePublished":59,"encodingFormat":58,"isAccessibleForFree":60,"interactionStatistic":61},"DigitalDocument",{"name":9,"@type":54},"Person",{"url":38,"name":56,"@type":57},"DocShare","Organization","application/pdf","2026-05-24",true,{"@type":62,"interactionType":63,"userInteractionCount":4},"InteractionCounter",{"@type":64},"ViewAction",{"@type":66,"mainEntity":67},"FAQPage",[68],{"name":69,"@type":70,"acceptedAnswer":71},"How bad is the impact compared with nonce repetition?","Question",{"text":72,"@type":73},"The security implications are described as worse than nonce repetition: confidentiality and authenticity are lost until the key is changed, and the note shows that a single query can suffice with high success probability.","Answer","https://schema.org",{"og:url":49,"og:type":76,"og:title":13,"og:site_name":56,"og:description":14},"article",{"robots":78,"canonical":49},"index,follow",{"doc_id":7,"site_id":29}]