CBC-MAC

The most well-known examples of MAC algorithms use either a block cipher or a hash function as a ‘building block.’ We will look at one example of each technique, beginning with block ciphers.

The first MAC design we’ll describe will hopefully look familiar. This MAC is commonly referred to as a cipher block chaining message authentication code (CBC-MAC) and is based on a block cipher. An early banking standard defined CBC-MAC using DES, so the MAC operated on blocks of 64 bits. We present the CBC-MAC construction in a more general form. Any block cipher, such as AES, could be used.

Computing CBC-MAC

We assume that the sender and the receiver agree in advance upon a symmetric key $K$. We also assume that the message $M$ has been split into blocks of the same length as the block length of the block cipher (64 bits for DES or 128 bits for AES) to process it. In the illustration below these blocks are labeled $M_1, M_2, ... , M_n$. If the message doesn’t fit neatly into blocks, then we pad the last block.