Score:2

What motivated CCM's monstrous design?


The formatting function in Appendix A of NIST-SP-800-38C is a monster enabling CCM to support variable-length nonces from 7-13 bytes and variable-length encoding of the length of the payload. Also, the tag length is encoded in the formatting function, making naive truncation of the MAC tag potentially incompatible with ciphertext instances with specific parameters.

The GCM mode and ChaCha20-Poly1305 are much better - they are similar, both use counter mode, applying MAC over ciphertext, etc.

What motivated IEEE to design CCM like this (NIST imported the CCM definition from their draft)?
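
The Appendix A formatting the question refers to, as an added example that is not part of the original post: it builds the first CBC-MAC block B0, the associated-data length prefix and the counter blocks, following SP 800-38C sections A.2.1, A.2.2 and A.3. The function names and the sample nonce are constructed for illustration.

```python
# Added illustration of the SP 800-38C Appendix A formatting (names are hypothetical).
VALID_TAG_LENS = {4, 6, 8, 10, 12, 14, 16}

def _q_for(nonce: bytes) -> int:
    """q = 15 - n: number of bytes that encode the payload length."""
    if not 7 <= len(nonce) <= 13:
        raise ValueError("nonce must be 7..13 bytes")
    return 15 - len(nonce)

def format_b0(nonce: bytes, payload_len: int, aad_len: int, tag_len: int) -> bytes:
    """B0 = flags || N || Q, the first block fed to CBC-MAC (A.2.1)."""
    q = _q_for(nonce)
    if tag_len not in VALID_TAG_LENS:
        raise ValueError("tag length must be even and in 4..16")
    if not 0 <= payload_len < 1 << (8 * q):
        raise ValueError(f"payload length does not fit in {q} bytes")
    adata = 1 if aad_len > 0 else 0
    # bit 6: Adata, bits 5..3: (t-2)/2, bits 2..0: q-1
    flags = (adata << 6) | (((tag_len - 2) // 2) << 3) | (q - 1)
    return bytes([flags]) + nonce + payload_len.to_bytes(q, "big")

def encode_aad_len(a: int) -> bytes:
    """Variable-length prefix placed before the associated data (A.2.2)."""
    if a <= 0:
        raise ValueError("prefix is only present when a > 0")
    if a < 2**16 - 2**8:
        return a.to_bytes(2, "big")
    if a < 2**32:
        return b"\xff\xfe" + a.to_bytes(4, "big")
    if a < 2**64:
        return b"\xff\xff" + a.to_bytes(8, "big")
    raise ValueError("associated data too long")

def format_ctr(nonce: bytes, i: int) -> bytes:
    """Counter block Ctr_i (A.3): its flags carry q-1 but not the tag length."""
    q = _q_for(nonce)
    return bytes([q - 1]) + nonce + i.to_bytes(q, "big")

if __name__ == "__main__":
    nonce = bytes(range(0x10, 0x1D))          # constructed 13-byte nonce
    for t in (8, 16):
        # Same key, nonce and message, different t: B0 already differs, so the
        # CBC-MAC state diverges from the first block onward.
        print(t, format_b0(nonce, 23, 8, t).hex())
    print(format_ctr(nonce, 0).hex(), encode_aad_len(8).hex())
```

Because the tag length sits in the flags byte of B0, a 16-byte tag cut down to 8 bytes is not the tag a receiver configured for 8-byte tags will compute, which is the incompatibility the question describes.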

Paul Uszak
Re.: Better... GCM/Cha/poly is streamable. CCM isn't.
Patriot
@DannyNiu You might want to ask the question this way: "What could have motivated IEEE to design CCM...
SAI Peregrinus
With the current wording and it being the IEEE I'm tempted to answer "huffing too many solder flux fumes over the years".
Maarten Bodewes
On the bright side: it does allow you to use CBC-MAC without worrying (overly much) about attacks on it. CMAC requires additional operations. EAX mode does better w.r.t streaming, but it is less efficient as it does use CMAC and some additional memory to store the intermediate authentication. It does have the benefit that you can stream *anything* and *in any order* though, something that is uncommon for other authentication schemes. I do agree that CCM is trying to be too clever and the required bit f***ing is a major headache.
pe flag
According to [Rogaway and Wagner](https://web.cs.ucdavis.edu/~rogaway/papers/ccm.pdf), CCM was designed to avoid the patented OCB in the IEEE 802.11 standard. That standard demanded up to 65536-byte messages and 64-bit tags, so I suppose they figured that specializing the modes like this for each protocol was a good idea.