A Critique of CCM

Authors: Phillip Rogaway and David Wagner

Reference: Manuscript, February 2003. Also Cryptology ePrint Archive (eprint.iacr.org), Report 2003/070, April 2003.

Abstract: CCM is a conventional authenticated-encryption scheme obtained from a 128-bit block cipher. The mechanism has been adopted as the mandatory encryption algorithm in an IEEE 802.11 draft standard, and its use has been proposed more broadly. In this note we point out a number of limitations of CCM. A related note provides an alternative to CCM.

Availability: pdf or ps