| Computer Desktop Encyclopedia: CBC-MAC |
(Cipher Block Chaining-Message Authentication Code) A message integrity method that uses block ciphers such as DES and AES. Each block of plaintext is encrypted with the cipher and then XOR'd with the second encrypted block. That result is XOR'd with the third encrypted block and so on in series. See MAC, message integrity, CBC, XOR and
Download Computer Desktop Encyclopedia to your iPhone/iTouch
| 5min Related Video: CBC-MAC |
| Wikipedia: CBC-MAC |
In cryptography, a Cipher Block Chaining Message Authentication Code, abbreviated CBC-MAC, is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper encryption of the previous block. This interdependence ensures that a change to any of the plaintext bits will cause the final encrypted block to change in a way that cannot be predicted or counteracted without knowing the key to the block cipher.
To calculate the CBC-MAC of message m one encrypts m in CBC mode with zero initialization vector. The following figure sketches the computation of the CBC-MAC of a message comprising blocks 
using a secret key k and a block cipher E:
.svg)
Contents |
Given a secure block cipher, CBC-MAC is secure for fixed-length messages. However, by itself, it is not secure for variable-length messages. An attacker who knows the correct message-tag(i.e. CBC-MAC) pairs (m, t) and (m', t') can generate a third message m'' whose CBC-MAC will also be t'. This is simply done by XORing the first block of m' with t and then concatenating m with this modified m', i.e. by making ![m'' = m \| [(m_1' \oplus t) \| m_2' \| \dots \| m_x']](http://wpcontent.answers.com/math/7/4/c/74c5667f9bce6f64ac554192751b10a0.png)
.
This problem cannot be solved by adding a message-size block (e.g., with Merkle-Damgård strengthening) and thus it is recommended to use a different mode of operation, for example, CMAC to protect integrity of variable-length messages.
One common mistake is to reuse the same key k for CBC encryption and CBC-MAC. Although a reuse of a key for different purposes is a bad practice in general, in this particular case the mistake leads to a spectacular attack. Suppose that one encrypts a message 
in the CBC mode using an IVc − 1 and gets the following ciphertext: 
, where 
. He also generates the CBC-MAC tag for the IV and the message: 
Now an attacker can change every bit before the last block cx − 1 and the MAC tag still be valid. The reason is that 
(this is actually the reason why people make this mistake so often—it allows to increase the performance by a factor of two). Hence as far as the last block is not changed the equivalence t = cx − 1 holds and thus the CBC-MAC tag is correct.
This example also shows that a CBC-MAC cannot be used as a collision resistant one-way function: given a key it is trivial to create a different message which “hashes” to the same tag.
|
|||||||||||||||||||||||||||||||||||
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
 | AES-CCMP (technology) |
| CBC (technology) |
| CMAC |
 | What is a hematology lab test CBC for? Read answer... |
| What does the abbreviation cbc stand for? Read answer... |
| What is the value of a model 722 by cbc? Read answer... |
 | What is cbc 2007? |
| What is CBC brake? |
| Why was the cbc founded? |
Copyrights:
 |
 | Computer Desktop Encyclopedia. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher. © 1981-2010 The Computer Language Company Inc. All rights reserved. Read more |
 |
| Wikipedia. This article is licensed under the Creative Commons Attribution/Share-Alike License. It uses material from the Wikipedia article "CBC-MAC". Read more |
