On the Security of CTR + CBC-MAC

  • Jakob Jonsson
Conference paper

DOI: 10.1007/3-540-36492-7_7

Volume 2595 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Jonsson J. (2003) On the Security of CTR + CBC-MAC. In: Nyberg K., Heys H. (eds) Selected Areas in Cryptography. SAC 2002. Lecture Notes in Computer Science, vol 2595. Springer, Berlin, Heidelberg


We analyze the security of the CTR + CBC-MAC (CCM) encryption mode. This mode, proposed by Doug Whiting, Russ Housley, and Niels Ferguson, combines the CTR (“counter”) encryption mode with CBC-MAC message authentication and is based on a block cipher such as AES. We present concrete lower bounds for the security of CCM in terms of the security of the underlying block cipher. The conclusion is that CCM provides a level of privacy and authenticity that is in line with other proposed modes such as OCB.


AES authenticated encryption modes of operation 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jakob Jonsson
    • 1
  1. 1.RSA Laboratories EuropeStockholm