Re: [Cfrg] draft-housley-ccm-mode-00.txt

Gé Weijers <Ge.Weijers@Sun.COM> Fri, 16 August 2002 16:55 UTC

David Wagner wrote:

>Can you elaborate?  What advantages do you see for CCM over
>the standard encrypt-then-authenticate generic composition of
>AES-CBC encryption and AES-CBC-MAC (suitably modified to be
>secure for variable-length messages)?  The latter is unencumbered
>and has the same performance characteristics as CCM.

An advantage I can see is the use of the same key for both
authentication and encryption. I'm not aware of any proof of security
for an encrypt-then-authenticate design that holds up when you use the
same key for both encryption and authentication. Using the same key
halves the key storage requirements for an 802.11 base station. CCM
tries to ensure that the likelihood of collisions follows the usual
birthday bound curve, and the article claims that encrypting the MAC
value makes analysis of the MAC value impossible.

The proof of security will make for an interesting read.
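
Added example, not part of the original message: the two constructions compared in this thread, side by side, using the Python `cryptography` package. CMAC stands in here for the "suitably modified" CBC-MAC, and the 16-byte keys, 13-byte nonce, length-prefixed AAD layout and sample data are assumptions made for this example.

```python
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import cmac, padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

def _mac(mac_key, aad, ct):
    # CMAC (a variable-length-safe CBC-MAC variant) over len(AAD) || AAD || IV || CT.
    m = cmac.CMAC(algorithms.AES(mac_key))
    m.update(len(aad).to_bytes(8, "big") + aad + ct)
    return m

def etm_seal(enc_key, mac_key, msg, aad):
    # Generic composition: AES-CBC encrypt, then MAC the result with a second key.
    iv = os.urandom(16)
    p = padding.PKCS7(128).padder()
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).encryptor()
    ct = iv + enc.update(p.update(msg) + p.finalize()) + enc.finalize()
    return ct + _mac(mac_key, aad, ct).finalize()

def etm_open(enc_key, mac_key, blob, aad):
    ct, tag = blob[:-16], blob[-16:]
    _mac(mac_key, aad, ct).verify(tag)  # raises InvalidSignature before any decryption
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(ct[:16])).decryptor()
    u = padding.PKCS7(128).unpadder()
    return u.update(dec.update(ct[16:]) + dec.finalize()) + u.finalize()

def rejects(open_fn, blob, errors):
    # Flip one bit in the first byte and report whether opening fails.
    try:
        open_fn(bytes([blob[0] ^ 1]) + blob[1:])
    except errors:
        return True
    return False

def compare():
    msg, aad = b"constructed sample payload", b"constructed header"
    k, nonce = os.urandom(16), os.urandom(13)      # CCM: one key; nonce must not repeat per key
    k_enc, k_mac = os.urandom(16), os.urandom(16)  # composition: two independent keys
    ccm = AESCCM(k)
    c1, c2 = ccm.encrypt(nonce, msg, aad), etm_seal(k_enc, k_mac, msg, aad)
    return {
        "ccm_key_bytes": len(k), "etm_key_bytes": len(k_enc) + len(k_mac),
        "ccm_roundtrip": ccm.decrypt(nonce, c1, aad) == msg,
        "etm_roundtrip": etm_open(k_enc, k_mac, c2, aad) == msg,
        "ccm_rejects_tamper": rejects(lambda b: ccm.decrypt(nonce, b, aad), c1, InvalidTag),
        "etm_rejects_tamper": rejects(lambda b: etm_open(k_enc, k_mac, b, aad), c2, InvalidSignature),
    }
```
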

