Talking about Rogaway: I implemented OCB3 a long time ago as an exercise (after failing for many weeks to get GCM working. I am neither a programmer nor mathematician). Iirc it could have any nonce length up to 120ish bits. I don't remember much from it.
Could it be extended in a similar way to be more like xchacha with 192 bit nonces where using random nonces are easier?
I don’t remember much about the specifics of OCB. But the xchacha/xsalsa20 approach is completely generic, so can be applied to any cipher: effectively just run a large nonce through a PRF to derive a fresh key for each message.
Could it be extended in a similar way to be more like xchacha with 192 bit nonces where using random nonces are easier?