Cryptology ePrint Archive: Report 2003/070

A Critique of CCM

P. Rogaway and D. Wagner

Abstract: CCM is a conventional authenticated-encryption scheme obtained from a 128-bit block cipher. The mechanism has been adopted as the mandatory encryption algorithm in an IEEE 802.11 draft standard [15], and its use has been proposed more broadly [16,17]. In this note we point out a number of limitations of CCM. A related note provides an alternative to CCM [5].

Category / Keywords: secret-key cryptography / modes of operation, provable security

Date: received 13 Apr 2003

Contact author: daw at cs berkeley edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20030415:151144 (All versions of this report)

Short URL: ia.cr/2003/070