/siː-mæk/
noun — "the cryptographic signature that proves a message hasn’t been tampered with."
CMAC, short for Cipher-based Message Authentication Code, is a cryptographic algorithm used to verify the integrity and authenticity of messages. It generates a fixed-size tag from a variable-length message using a block cipher, such as AES, ensuring that any alteration in the message can be detected.
Technically, CMAC processes the message in blocks, applies the block cipher, and produces a tag that is sent alongside the message. The recipient uses the same key and algorithm to recompute the tag and compare it with the received one. CMAC prevents forgery and ensures that messages come from authenticated sources.
Key characteristics of CMAC include:
- Message integrity: detects any changes in the message.
- Authentication: verifies that the message originates from a trusted sender.
- Keyed operation: uses a secret symmetric key for security.
- Block cipher-based: typically built on AES or similar ciphers.
- Fixed-length output: produces a consistent tag regardless of message size.
In practical workflows, CMAC is used in secure communications, payment systems, and embedded devices where integrity and authentication are critical. It is often combined with encryption protocols to provide both confidentiality and integrity.
Conceptually, CMAC is like a tamper-evident seal on a package: if the seal is broken or altered, you immediately know the contents were tampered with.
See AES, Cryptography, Digital Signature, PKI, Hash Function.