LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How does the CBC-MAC work, and what is the role of the initialization vector (IV)?

CBC-MAC chains block cipher encryptions: each plaintext block is XORed with the previous ciphertext block before encryption, and the final block's output is the MAC.

CBC-MAC: each block XORed with the previous cipher output, last block is the MAC

* The chaining makes every block feed forward, so any change cascades into the final block — the MAC. *

Structure:

  1. Split the message into blocks ($Block_1, Block_2, ..., Block_n$)
  2. XOR $Block_1$ with the IV, then encrypt with key K → output $C_1$
  3. XOR $Block_2$ with $C_1$, encrypt with K → output $C_2$
  4. Continue chaining... final output $C_n$ = MAC

The IV problem:

  • Theoretically, the IV has the same role as in CBC encryption mode
  • But transmitting the IV in cleartext creates a vulnerability:
    • Eve can create a new Block 1, adjust the IV so that $IV_{new} \oplus Block1_{new} = IV \oplus Block1$, producing the same MAC
  • Solution: Set IV to all zeros (00...00) and don't transmit it

Historical note: CBC-MAC (ANSI X9.9) is the "mother" of all block-cipher-based integrity mechanisms. It has known theoretical weaknesses and was officially withdrawn as a standard, but the basic design lives on in industry variants because of the "never change a winning team" mentality.

Go deeper:

  • doc CBC-MAC (Wikipedia) — the construction, the fixed-IV requirement and why length must be fixed to stay secure.

From Quiz: KRYPTOG / One-Way and Hash Functions | Updated: Jul 14, 2026