Quiz Entry - updated: 2026.07.14
What is CBC-MAC and how does it provide message integrity?
CBC-MAC uses CBC encryption but only keeps the last ciphertext block as the MAC tag — it proves the message hasn't been tampered with.
* CBC-MAC chains the whole message through CBC and keeps only the last block as the authentication tag. *
The reason a single block can stand in for the whole message is CBC's chaining: each block is folded into the next, so the final block is a function of every preceding block plus the secret key. That makes it a compact fingerprint — change any bit of the message and the last block changes unpredictably, but only someone holding the key can recompute the matching tag.
How it works:
- Encrypt the message using CBC mode with a fixed IV (usually all zeros)
- Discard all intermediate ciphertext blocks
- The final ciphertext block is the MAC tag T
- Send (M, T) to the recipient
Verification:
- Recipient independently computes CBC-MAC over the received message M
- Compares their computed tag T' with the received tag T
- If T' = T, the message is authentic and unmodified
Important properties:
- Uses a separate key from encryption (never use the same key for encryption and MAC)
- The IV should be fixed (usually 0) — NOT random like in CBC encryption
- Only secure for fixed-length messages (for variable-length, use CMAC or HMAC)
CBC-MAC provides:
- Integrity (message not modified)
- Authenticity (message came from someone who knows K)
- Does NOT provide confidentiality
Go deeper:
CBC-MAC (Wikipedia) — the fixed-IV rule and why it only holds for fixed-length messages.