 | This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||
| ||||||||||||||
Algorithm 5 and CMAC
I don't have a copy of 9797-1:2011, so I can't check, but it seems there is still a discrepancy (after this edit) between the descriptions in ISO/IEC 9797-1#MAC algorithm 5 and CMAC.
ISO/IEC 9797-1#MAC algorithm 5 says:
MAC algorithm 5 comprises two parallel instances of MAC algorithm 1. The first instance is operates on the original input data.
but the diagram on CMAC shows that the last encryption with k (the original key) is of m'n, not mn as would be implied by "The first instance [of MAC algorithm 1) operates on [all of] the original input data." (Note that n in CMAC is equivalent to q in ISO/IEC 9797-1, both being the number of blocks in the data/message.)
ISO/IEC 9797-1#MAC algorithm 5 also says:
The second instance [of MAC algorithm 1] operates on two key variants generated from the original key
but the diagram on CMAC shows that the key variants k1 and k2 are used to "tweak" mn; there's nothing in the CMAC diagram the remotely looks like MAC algorithm 1 operating on (or with) the two key variants.
Finally ISO/IEC 9797-1#MAC algorithm 5 says:
The final MAC is computed by the bitwise exclusive-or of the MACs generated by each instance of algorithm 1
but the diagram on CMAC shows that the MAC is the result of Ek(...), not the result of an XOR.
Is the algorithm described by the CMAC article actually the same as ISO/IEC 9797-1 MAC algorithm 5? (The CMAC article does not mention 9797-1.) If so, ISO/IEC 9797-1#MAC algorithm 5 needs re-writing so that it is accurate. If not, we should not link to it. Possibly there are multiple algorithms referred to as "CMAC", in which case a disambiguation page might be required. Mitch Ames (talk) 12:53, 26 May 2016 (UTC)