AES cipher in GCM, CCM, or CBC-MAC mode?

crawfish picture crawfish · Jul 16, 2012 · Viewed 10.6k times · Source

I've been looking around for an article describing these modes in layman's terms but have not yet found anything helpful. So, what are the positives and negatives of each mode? Thanks

GCM

CCM

CBC-MAC

Answer

TheNewOne picture TheNewOne · Jul 16, 2012

CCM- this mode accepts a variable-length authentication tags from 32-bits to 128-bits so it actually allowing varying degrees of protection against unauthorized modifications the cons:

  • The CCM mode dose not provide for confidentiality-only services. in some cases, it uses data authenticity mechanism from external.

GCM- The encryption and authentication of GCM are secure against the chosen-plaintext attack, and GCM is also secure while using the AES block cipher. but:

  • There are security problems when reusing the IV

For both GCM and CCM you have to use timestamps or replay attack can occur and of course you need an appropriate tag length.

for CBC-MAC it depends because you use CBC to create the MAC and CBC offers serial encryption and parallel decryption but a change of one bit in a block changes everything that comes after in the encryption but doesn't affect the decryption. A known problem with CBC-MAC is using the same key for encryption and for authentication in this case if you use CBC mode so the last block would be the MAC.

just for the smile - Cryptography

*here is the place to mention that one of the sources I used is from a german university research.

**EDIT:**found the name of it: ruhr-universität-bochum.