CMAC


CMAC is a simple variant of the CBC MAC (Cipher Block Chaining Message Authentication Code). Whereas the basic CBC MAC is only secure on messages of one fixed length (and that length must be a multiple of the block size), CMAC takes and is secure across messages of any bit length. CMAC is a variant of the mode called XCBC that was invented and analyzed by John Black and Phillip Rogaway. It enjoys provable-security, with the conventional bounds. The change between XCBC and CMAC is to derive keys K2 and K3 from the underlying key K by way of K2=2*E(K,0) and K3=4*E(K,0). This optimization is due to Tatsu Iwata and Kaoru Kurosawa.

NIST is no longer standardizing modes of operation; they are calling sanctioned methods "recommendations". CMAC became a NIST recommendation in May 2005 by NIST Special Publication 800-38B, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, authored by Morris Dworkin.  



To Rogaway's home page