CCM mode – Wikipedia

Authenticated encoding mode for pulley ciphers
CCM mode ( counter with cipher block chaining message authentication code ; counter with CBC-MAC ) is a mode of operation for cryptanalytic auction block ciphers. It is an authenticate encoding algorithm designed to provide both authentication and confidentiality. CCM mode is only defined for block ciphers with a block length of 128 bits. [ 1 ] [ 2 ] The time being of CCM must be cautiously chosen to never be used more than once for a given key. This is because CCM is a derivation of CTR mood and the latter is effectively a stream cipher. [ 3 ]

encoding and authentication [edit ]

As the mention suggests, CCM mode combines the well known CBC-MAC with the well known counter manner of encoding. These two primitives are applied in an “ authenticate-then-encrypt ” manner, that is, CBC-MAC is first computed on the message to obtain a chase thymine ; the message and the tag are then encrypted using counterpunch mode. The main penetration is that the lapp encoding key can be used for both, provided that the counter values used in the encoding do not collide with the ( pre- ) low-level formatting vector used in the authentication. A proofread of security [ 4 ] exists for this combination, based on the security system of the underlying block zero. The proofread besides applies to a generalization of CCM for any size block cipher, and for any size cryptographically potent pseudo-random function ( since in both counter mode and CBC-MAC, the auction block calculate is entirely ever used in one focus ).

CCM mode was designed by Russ Housley, Doug Whiting and Niels Ferguson. At the clock CCM manner was developed, Russ Housley was employed by RSA Laboratories. A child variation of the CCM, called CCM*, is used in the ZigBee standard. CCM* includes all of the features of CCM and additionally offers encryption-only capabilities. [ 5 ]

performance [edit ]

CCM requires two freeze cipher encoding operations on each stop of an encrypted-and-authenticated message, and one encoding on each barricade of associated attested data. According to Crypto++ benchmarks, AES CCM requires 28.6 cycles per byte on an Intel Core 2 central processing unit in 32-bit mode. [ 6 ]

noteworthy inefficiencies :

  • CCM is not an “on-line” AEAD, in that the length of the message (and associated data) must be known in advance.
  • In the MAC construction, the length of the associated data has a variable-length encoding, which can be shorter than machine word size. This can cause pessimistic MAC performance if associated data is long (which is uncommon).
  • Associated data is processed after message data, so it is not possible to pre-calculate state for static associated data.

Patents [edit ]

The catalyst for the development of CCM mood was the submission of OCB modality for inclusion body in the IEEE 802.11i standard. opposition was voiced to the inclusion of OCB mode because of a pending patent application on the algorithm. inclusion of a patent algorithm meant significant license complications for implementors of the standard. While the inclusion of OCB mode was disputed based on these intellectual property issues, it was agreed that the simplification provided by an authenticated encoding system was desirable. therefore, Housley, et alabama. developed CCM modality as a potential alternate that was not encumbered by patents. even though CCM modality is less effective than OCB modality, a patent free solution was preferable to one complicated by patent license issues. consequently, CCM mode went on to become a compulsory part of the IEEE 802.11i standard, and OCB mode was relegated to optional component status, before finally being removed all in all.

practice [edit ]

CCM mood is used in the IEEE 802.11i ( as CCMP, an encoding algorithm for WPA2 ), IPsec, [ 7 ] and TLS 1.2, [ 8 ] ampere well as Bluetooth Low Energy ( as of Bluetooth 4.0 ). [ 9 ] It is available for TLS 1.3, but not enabled by default in OpenSSL. [ 10 ]

See besides [edit ]

References [edit ]

  • RFC 3610: Counter with CBC-MAC (CCM)
  • RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
  • RFC 6655: AES-CCM Cipher Suites for Transport Layer Security (TLS)
  • A Critique of CCM (by the designer of OCB)
generator :
Category : crypto topics

Leave a Reply

Your email address will not be published.