CBC-MAC

In cryptography, a cipher block chaining message authentication code (CBC-MAC) is a technique for constructing a message authentication code (MAC) from a block cipher. The message is encrypted with some block cipher algorithm in cipher block chaining (CBC) mode to create a chain of blocks such that each block depends on the proper encryption of the previous block. This interdependence ensures that a change to any of the plaintext bits will cause the final encrypted block to change in a way that cannot be predicted or counteracted without knowing the key to the block cipher.

To calculate the CBC-MAC of message $m$ , one encrypts $m$ in CBC mode with zero initialization vector and keeps the last block. The following figure sketches the computation of the CBC-MAC of a message comprising blocks $m_{1}\|m_{2}\|\cdots \|m_{x}$ using a secret key $k$ and a block cipher $E$ : CBC-MAC on its own is not secure for variable-length messages^[1] (see the discussion below) and is currently used to construct a pseudorandom function family^[2] and as a component of the CCM mode.

^ Cite error: The named reference BKR was invoked but never defined (see the help page).
^ Cliff, Boyd & Gonzalez Nieto 2009, p. 5.

[BKR-1] Cite error: The named reference BKR was invoked but never defined (see the help page).

[FOOTNOTECliffBoydGonzalez_Nieto20095-2] Cliff, Boyd & Gonzalez Nieto 2009, p. 5.

[1]

[2]