On the Security of the CCM Encryption Mode and of a Slight Variant

11 years 6 months ago
On the Security of the CCM Encryption Mode and of a Slight Variant
In this paper, we present an analysis of the CCM mode of operations and of a slight variant. CCM is a simple and efficient encryption scheme which combines a CBC-MAC authentication scheme with the counter mode of encryption. It is used in several standards. Despite some criticisms (mainly this mode is not online, and requires non-repeating nonces), it has nice features that make it worth to study. One important fact is that, while the privacy of CCM is provably garanteed up to the birthday paradox, the authenticity of CCM seems to be garanteed beyond that. There is a proof by Jonsson up to the birthday paradox bound, but going beyond it seems to be out of reach with current techniques. Nevertheless, by using pseudo-random functions and not permutations in the counter mode and an authentication key different from the privacy key, we prove security beyond the birthday paradox. We also wonder if the main criticisms against CCM can be avoided: what is the security of the CCM mode when the...
Pierre-Alain Fouque, Gwenaëlle Martinet, Fr&e
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where ACNS
Authors Pierre-Alain Fouque, Gwenaëlle Martinet, Frédéric Valette, Sébastien Zimmer
Comments (0)