
Simple CBC-MAC

CBC-MAC is one of the oldest and most popular MAC algorithms. A MAC algorithm is a cryptographic algorithm that computes a complex function of a plaintext and a secret key; the resulting MAC value is typically appended to the plaintext to protect its authenticity. CBC-MAC is a MAC algorithm based on a block cipher; it is derived from the Cipher Block Chaining (CBC) mode of operation, which is a mode for encryption. CBC-MAC is very popular in financial applications and smart cards.

In the following, the block length and key length of the block cipher will be denoted by n and k respectively. The length (in bits) of the MAC value will be denoted by m. The encryption and decryption with the block cipher E using the key K will be denoted by \(E_K(\cdot)\) and \(D_K(\cdot)\), respectively. An n-bit string consisting of zeroes will be denoted by \(0^n\).

CBC-MAC is an iterated MAC algorithm, which consists of the following steps (see also Figure 1):

  • Padding and splitting of the...
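The iteration in the notation above, as an added sketch that is not part of the encyclopedia entry: the chaining starts from \(0^n\), each step computes \(H_i = E_K(H_{i-1} \oplus x_i)\), and the MAC is the leftmost m bits of the last value. Because the step list is cut off here, the padding rule (a 0x80 byte followed by zero bytes), n = 64 and the truncation are assumptions, and `toy_E` is a hypothetical stand-in for \(E_K\), not a real block cipher.

```python
import hashlib
import hmac

N_BYTES = 8  # block length n = 64 bits (assumed for this sketch)

def toy_E(key, block):
    """Stand-in for E_K: a 4-round Feistel permutation on n-bit blocks.
    Hypothetical helper for illustration only, NOT a real block cipher."""
    half = N_BYTES // 2
    left, right = block[:half], block[half:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:half]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pad_and_split(msg):
    """Assumed padding: append 0x80, then zero bytes up to a multiple of n,
    and split the result into n-bit blocks x_1..x_t."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % N_BYTES)
    return [padded[i:i + N_BYTES] for i in range(0, len(padded), N_BYTES)]

def cbc_chain(key, msg):
    """Chaining values H_1..H_t with H_0 = 0^n and H_i = E_K(H_{i-1} xor x_i).
    These are the ciphertext blocks CBC encryption would give with a zero IV."""
    h = bytes(N_BYTES)  # H_0 = 0^n
    chain = []
    for x in pad_and_split(msg):
        h = toy_E(key, bytes(a ^ b for a, b in zip(h, x)))
        chain.append(h)
    return chain

def cbc_mac(key, msg, m_bytes=4):
    """MAC value: leftmost m bits of the final chaining value H_t."""
    return cbc_chain(key, msg)[-1][:m_bytes]

def verify(key, msg, tag):
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(cbc_mac(key, msg, len(tag)), tag)

if __name__ == "__main__":
    key = b"constructed-key!"        # constructed sample key
    msg = b"PAY 100 EUR TO ALICE"    # constructed sample message
    tag = cbc_mac(key, msg)
    print(tag.hex(), verify(key, msg, tag))
```

Only the last chaining value is released, and only m of its n bits; the intermediate values \(H_1, \ldots, H_{t-1}\) stay internal to the computation.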




© 2005 International Federation for Information Processing


Preneel, B. (2005). CBC-MAC and Variants. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/0-387-23483-7_46
