Complete Protocol dictionary, glossary and reference

CMAC: Cipher-based Message Authentication Code

Cipher-based Message Authentication Code (CMAC) is an authentication algorithm defined by the National Institute of Standards and Technology (NIST). Also called NIST-CMAC, it is a keyed hash function that is based on a symmetric key block cipher, such as the Advanced Encryption Standard [NIST-AES]. CMAC is equivalent to the One-Key CBC MAC1 (OMAC1) submitted by Iwata and Kurosawa [OMAC1a, OMAC1b]. OMAC1 is an improvement of the eXtended Cipher Block Chaining mode (XCBC) submitted by Black and Rogaway [XCBCa, XCBCb], which itself is an improvement of the basic Cipher Block Chaining-Message Authentication Code (CBC-MAC). XCBC efficiently addresses the security deficiencies of CBC-MAC, and OMAC1 efficiently reduces the key size of XCBC. There are a few variations of CMAC available, such as AES-CMAC and AES-CMAC-PRF-128 defined by IETF.

Standard Organization

NIST

Related Document

Special Publication 800-38B