One-key MAC (original) (raw)
One-key MAC (OMAC) is a message authentication code constructed from a block cipher much like the CBC-MAC algorithm. Officially there are two OMAC algorithms (OMAC1 and OMAC2) which are both essentially the same except for a small tweak. OMAC1 is equivalent to CMAC, which became an NIST recommendation in May 2005. As a small example, suppose b = 4, C = 00112, and k0 = Ek(0) = 01012. Then k1 = 10102 and k2 = 0100 ⊕ 0011 = 01112. The CMAC tag generation process is as follows: The verification process is as follows:
Property | Value |
---|---|
dbo:abstract | One-key MAC (OMAC) is a message authentication code constructed from a block cipher much like the CBC-MAC algorithm. Officially there are two OMAC algorithms (OMAC1 and OMAC2) which are both essentially the same except for a small tweak. OMAC1 is equivalent to CMAC, which became an NIST recommendation in May 2005. It is free for all uses: it is not covered by any patents.In cryptography, CMAC is a block cipher-based message authentication code algorithm. It may be used to provide assurance of the authenticity and, hence, the integrity of data. This mode of operation fixes security deficiencies of CBC-MAC (CBC-MAC is secure only for fixed-length messages). The core of the CMAC algorithm is a variation of CBC-MAC that Black and Rogaway proposed and analyzed under the name XCBC and submitted to NIST. The XCBC algorithm efficiently addresses the security deficiencies of CBC-MAC, but requires three keys. Iwata and Kurosawa proposed an improvement of XCBC and named the resulting algorithm One-Key CBC-MAC (OMAC) in their papers. They later submitted OMAC1, a refinement of OMAC, and additional security analysis. The OMAC algorithm reduces the amount of key material required for XCBC. CMAC is equivalent to OMAC1. To generate an ℓ-bit CMAC tag (t) of a message (m) using a b-bit block cipher (E) and a secret key (k), one first generates two b-bit sub-keys (k1 and k2) using the following algorithm (this is equivalent to multiplication by x and x2 in a finite field GF(2b)). Let ≪ denote the standard left-shift operator and ⊕ denote bit-wise exclusive or: 1. * Calculate a temporary value k0 = Ek(0). 2. * If msb(k0) = 0, then k1 = k0 ≪ 1, else k1 = (k0 ≪ 1) ⊕ C; where C is a certain constant that depends only on b. (Specifically, C is the non-leading coefficients of the lexicographically first irreducible degree-b binary polynomial with the minimal number of ones: 0x1B for 64-bit, 0x87 for 128-bit, and 0x425 for 256-bit blocks.) 3. * If msb(k1) = 0, then k2 = k1 ≪ 1, else k2 = (k1 ≪ 1) ⊕ C. 4. * Return keys (k1, k2) for the MAC generation process. As a small example, suppose b = 4, C = 00112, and k0 = Ek(0) = 01012. Then k1 = 10102 and k2 = 0100 ⊕ 0011 = 01112. The CMAC tag generation process is as follows: 1. * Divide message into b-bit blocks m = m1 ∥ ... ∥ mn−1 ∥ mn, where m1, ..., mn−1 are complete blocks. (The empty message is treated as one incomplete block.) 2. * If mn is a complete block then mn′ = k1 ⊕ mn else mn′ = k2 ⊕ (mn ∥ 10...02). 3. * Let c0 = 00...02. 4. * For i = 1, ..., n − 1, calculate ci = Ek(ci−1 ⊕ mi). 5. * cn = Ek(cn−1 ⊕ mn′) 6. * Output t = msbℓ(cn). The verification process is as follows: 1. * Use the above algorithm to generate the tag. 2. * Check that the generated tag is equal to the received tag. (en) |
dbo:wikiPageExternalLink | http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html https://web.archive.org/web/20150223220648/http:/adder.demo.iworks.ro/Go/OMAC/ https://github.com/RustCrypto/MACs/tree/master/cmac https://github.com/SecureAuthCorp/impacket/blob/master/impacket/crypto.py%23L94 https://github.com/SecureAuthCorp/impacket/blob/master/tests/misc/test_crypto.py |
dbo:wikiPageID | 567548 (xsd:integer) |
dbo:wikiPageLength | 7749 (xsd:nonNegativeInteger) |
dbo:wikiPageRevisionID | 1071017031 (xsd:integer) |
dbo:wikiPageWikiLink | dbr:Python_(programming_language) dbr:Ruby_(programming_language) dbr:John_Black_(cryptographer) dbr:Cryptography dbr:NIST dbr:Block_cipher_modes_of_operation dbr:CBC-MAC dbr:Exclusive_or dbr:Finite_field dbc:Finite_fields dbc:Message_authentication_codes dbr:Block_cipher dbr:Phillip_Rogaway dbr:Message_authentication_code dbr:File:CMAC_-_Cipher-based_Message_Authentication_Code.pdf |
dbp:wikiPageUsesTemplate | dbt:Citation_needed dbt:IETF_RFC dbt:Redirect dbt:Reflist dbt:Cryptography_navbox |
dct:subject | dbc:Finite_fields dbc:Message_authentication_codes |
gold:hypernym | dbr:Code |
rdf:type | yago:WikicatMessageAuthenticationCodes yago:Abstraction100002137 yago:Code106667317 yago:Communication100033020 yago:WrittenCommunication106349220 dbo:Film |
rdfs:comment | One-key MAC (OMAC) is a message authentication code constructed from a block cipher much like the CBC-MAC algorithm. Officially there are two OMAC algorithms (OMAC1 and OMAC2) which are both essentially the same except for a small tweak. OMAC1 is equivalent to CMAC, which became an NIST recommendation in May 2005. As a small example, suppose b = 4, C = 00112, and k0 = Ek(0) = 01012. Then k1 = 10102 and k2 = 0100 ⊕ 0011 = 01112. The CMAC tag generation process is as follows: The verification process is as follows: (en) |
rdfs:label | One-key MAC (en) |
owl:sameAs | freebase:One-key MAC yago-res:One-key MAC wikidata:One-key MAC dbpedia-tr:One-key MAC https://global.dbpedia.org/id/4sx2o |
prov:wasDerivedFrom | wikipedia-en:One-key_MAC?oldid=1071017031&ns=0 |
foaf:isPrimaryTopicOf | wikipedia-en:One-key_MAC |
is dbo:wikiPageRedirects of | dbr:Cmac dbr:CMAC dbr:OMAC_(cryptography) |
is dbo:wikiPageWikiLink of | dbr:Block_cipher_mode_of_operation dbr:EAX_mode dbr:Index_of_cryptography_articles dbr:List_of_hash_functions dbr:Mbed_TLS dbr:OMAC dbr:Cmac dbr:CBC-MAC dbr:One-way_compression_function dbr:Block_cipher dbr:CMAC dbr:OMAC_(cryptography) |
is foaf:primaryTopic of | wikipedia-en:One-key_MAC |