The US National Institute of Standards and Technology (NIST) is recommending a new algorithm for authenticating digital data for federal agencies.
Called CMAC (cipher-based message authentication code), the algorithm can authenticate the source of digital data, such as messages sent over the Internet, and provide assurance that the data have not been modified either intentionally or accidentally.
The main component of CMAC is a block cipher. Within encryption algorithms, block ciphers are used to scramble the data after they are broken down into blocks. In CMAC, the block cipher creates a digital tag that authorized parties can use to verify that the received message has not been altered.
Other authentication mechanisms, such as the hash function message authentication code (HMAC) and digital signatures, have long been available. CMAC is a new option, intended especially for devices in which a block cipher is more readily available than the components of these other mechanisms.
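How a block cipher alone yields a verifiable tag, as an added example that is not part of the original article or of NIST's publication: it follows the CMAC construction of SP 800-38B using only single-block cipher calls. It assumes AES-128 as the block cipher (the article names none) and the Python cryptography package; the function names are illustrative.

```python
import hmac
from cryptography.hazmat.primitives import cmac
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16   # AES block size in bytes
RB = 0x87    # reduction constant for 128-bit blocks (SP 800-38B)

def _encrypt_block(key: bytes, block: bytes) -> bytes:
    """One raw block-cipher call (AES-ECB on exactly one block)."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()

def _double(block: bytes) -> bytes:
    """Multiply by x in GF(2^128): shift left one bit, fold in RB on carry."""
    n = int.from_bytes(block, "big") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ RB
    return n.to_bytes(BLOCK, "big")

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cmac_tag(key: bytes, msg: bytes) -> bytes:
    """Full 128-bit CMAC tag computed with block-cipher calls only."""
    k1 = _double(_encrypt_block(key, bytes(BLOCK)))  # used when last block is full
    k2 = _double(k1)                                 # used when last block is padded
    n_blocks = max(1, -(-len(msg) // BLOCK))         # ceil, with empty msg = 1 block
    last = msg[(n_blocks - 1) * BLOCK:]
    if len(last) == BLOCK:
        last = _xor(last, k1)
    else:
        last = _xor(last + b"\x80" + bytes(BLOCK - len(last) - 1), k2)
    state = bytes(BLOCK)
    for i in range(n_blocks - 1):                    # CBC-MAC chain over earlier blocks
        state = _encrypt_block(key, _xor(state, msg[i * BLOCK:(i + 1) * BLOCK]))
    return _encrypt_block(key, _xor(state, last))

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(cmac_tag(key, msg), tag)

def library_tag(key: bytes, msg: bytes) -> bytes:
    """Same tag from the cryptography package's CMAC, as a cross-check."""
    c = cmac.CMAC(algorithms.AES(key))
    c.update(msg)
    return c.finalize()

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # RFC 4493 test key
    msg = b"transfer 100 to account 42"                      # constructed sample
    tag = cmac_tag(key, msg)
    print(tag.hex(), verify(key, msg, tag), verify(key, msg.replace(b"100", b"900"), tag))
```

Only holders of the shared key can produce or check the tag, so a modified message fails verification at the receiver.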
CMAC was submitted to NIST as part of an ongoing effort to develop and update block cipher-based algorithms, called modes of operation. A team of Japanese scientists, Tetsu Iwata and Kaoru Kurosawa of
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication (NIST Special Publication 800-38B) is available here. It is the third of a series of publications recommending modes of operation to provide confidentiality or authentication for digital data.