0

CCM mode of operation combines CBC (for integrity and authentication) and CTR mode (for data confidentiality)

The inputs to the CCM are

  1. A Valid Nonce N which is used in CTR mode
  2. Valid Payload P
  3. Valid Associated data A which will be authenticated but not encrypted
  4. A Vlaid Key K

The CCM Algorithm works as

  1. Apply formatting function on (N,A,P) to make blocks such that B0||B1||B2....Bn = B
  2. AuthenticationTAG = (CBCk (B))LastBlock Truncated to Desired Length of AuthenticationTAG
  3. CiperText = CTRk,N (P || AuthenticationTAG)

Why do we need to include the Nonce N in Authentication? What implications does it have if N is not made part of the authentication tag?

Why do we use same key for both authentication and confidentiality? Why not two separate keys?

crypt
  • 2,417
  • 17
  • 32
  • In CCM the authentication is not based on CMAC like your step 2 mention. – Ruggero Jun 08 '17 at 08:55
  • is it based on cbc only? the exact cmac is not used in it? the cmac generates two subkeys k1 and k2 also, where as in ccm this step is missing? ccm only uses cbc with IV=0, and last block is treated as mac? – crypt Jun 08 '17 at 09:00
  • @Ruggero Please check the question statement now – crypt Jun 08 '17 at 09:04

0 Answers0