Abstract
We analyze the security of the CTR + CBC-MAC (CCM) encryption mode. This mode, proposed by Doug Whiting, Russ Housley, and Niels Ferguson, combines the CTR (“counter”) encryption mode with CBC-MAC message authentication and is based on a block cipher such as AES. We present concrete lower bounds for the security of CCM in terms of the security of the underlying block cipher. The conclusion is that CCM provides a level of privacy and authenticity that is in line with other proposed modes such as OCB.
This work was completed at RSA Laboratories Europe in Stockholm.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jonsson, J. (2003). On the Security of CTR + CBC-MAC. In: Nyberg, K., Heys, H. (eds) Selected Areas in Cryptography. SAC 2002. Lecture Notes in Computer Science, vol 2595. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36492-7_7
DOI: https://doi.org/10.1007/3-540-36492-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00622-0
Online ISBN: 978-3-540-36492-4
eBook Packages: Springer Book Archive