Comments to NIST concerning AES Modes of Operations : A Suggestion for Handling Arbitrary-Length Messages with the CBC MAC
暂无分享,去创建一个
The CBC MAC is the customary way to make a message authentication code (MAC) from a block cipher. It is the subject of several standards, including [1, 5, 6]. It is well-known and well-understood. Given all this, it seems likely that the CBC MAC will be standardized as an AES mode of operation. In this note we suggest a nice version of the CBC MAC that one might select for this purpose. We recall that the CBC MAC actually comes in a number of different versions. These versions differ in details involving padding (what to do when a message is not a non-zero multiple of the block length), length-variability (how to properly authenticate messages that come in a variety of lengths), and key-search strengthening (making the mode more secure against key-search attacks). Our CBC MAC variant is described in [4], where it is called XCBC. Let us now review this MAC’s definition, as well as the definition for the basic CBC MAC.
[1] G. G. Stokes. "J." , 1890, The New Yale Book of Quotations.
[2] Michael Luby,et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.
[3] Mihir Bellare,et al. The Security of the Cipher Block Chaining Message Authentication Code , 2000, J. Comput. Syst. Sci..