Reference: Manuscript, February 2003. Also Cryptology ePrint Archive (eprint.iacr.org), Report 2003/070, April 2003.
Abstract:
CCM is a conventional authenticated-encryption
scheme obtained from a 128-bit block cipher.
The mechanism has been adopted as the
mandatory encryption algorithm
in an IEEE 802.11 draft standard.
and its use has been proposed
more broadly.
In this note
we point out a number of limitations of CCM.
A related note
provides an alternative to CCM.
Rogaway's home page.